Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
OBS-Studio-30.2.3-Windows-Installer.exe

Overview

General Information

Sample name:OBS-Studio-30.2.3-Windows-Installer.exe
Analysis ID:1555760
MD5:287d64f35d7b81c26ca8cf2f2f6cf993
SHA1:1f2a847fb81c3d4b488482bfade573ab4fc3c2c1
SHA256:b3c3cdd9e888ab607b9e146cf83cdca6b9810c2350c95ecea6b2990b9aba955a
Tags:exeuser-SquiblydooBlog
Infos:

Detection

Score:52
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found pyInstaller with non standard icon
Sigma detected: Rare Remote Thread Creation By Uncommon Source Image
Uses known network protocols on non-standard ports
Contains capabilities to detect virtual machines
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found dropped PE file which has not been started or loaded
Found evasive API chain checking for process token information
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May check the online IP address of the machine
PE / OLE file has an invalid certificate
PE file contains executable resources (Code or Archives)
PE file contains sections with non-standard names
PE file does not import any functions
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Recon Command Output Piped To Findstr.EXE
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • OBS-Studio-30.2.3-Windows-Installer.exe (PID: 4464 cmdline: "C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe" MD5: 287D64F35D7B81C26CA8CF2F2F6CF993)
    • OBS-Studio-30.2.3-Windows-Installer.exe (PID: 1496 cmdline: "C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe" MD5: 287D64F35D7B81C26CA8CF2F2F6CF993)
      • WMIC.exe (PID: 6612 cmdline: wmic bios get serialnumber MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • conhost.exe (PID: 3160 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • cmd.exe (PID: 5632 cmdline: C:\Windows\system32\cmd.exe /c "tasklist | findstr process_explorer" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • tasklist.exe (PID: 1860 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
        • findstr.exe (PID: 1292 cmdline: findstr process_explorer MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)
      • cmd.exe (PID: 6444 cmdline: C:\Windows\system32\cmd.exe /c "tasklist | findstr wireshark" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 3276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • tasklist.exe (PID: 2796 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
        • findstr.exe (PID: 348 cmdline: findstr wireshark MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)
      • cmd.exe (PID: 6612 cmdline: C:\Windows\system32\cmd.exe /c "tasklist | findstr ollydbg" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 984 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • tasklist.exe (PID: 6576 cmdline: tasklist MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
        • findstr.exe (PID: 1784 cmdline: findstr ollydbg MD5: 804A6AE28E88689E0CF1946A6CB3FEE5)
      • cmd.exe (PID: 7064 cmdline: C:\Windows\system32\cmd.exe /c "wmic csproduct get UUID" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
        • conhost.exe (PID: 1628 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • WMIC.exe (PID: 5240 cmdline: wmic csproduct get UUID MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
      • WMIC.exe (PID: 6444 cmdline: wmic /namespace:\\root\securitycenter2 path antivirus get displayname MD5: C37F2F4F4B3CD128BDABCAEB2266A785)
        • conhost.exe (PID: 3276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

No yara matches

Sigma Signatures

System Summary

barindex
Sigma detected: Rare Remote Thread Creation By Uncommon Source Image
Source: Threat createdAuthor: Perez Diego (@darkquassar), oscd.community: Data: EventID: 8, SourceImage: C:\Windows\System32\wbem\WMIC.exe, SourceProcessId: 6444, StartAddress: C76632B0, TargetImage: C:\Windows\System32\cmd.exe, TargetProcessId: 6444
Sigma detected: Recon Command Output Piped To Findstr.EXE
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems), frack113: Data: Command: C:\Windows\system32\cmd.exe /c "tasklist | findstr process_explorer", CommandLine: C:\Windows\system32\cmd.exe /c "tasklist | findstr process_explorer", CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: "C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe", ParentImage: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe, ParentProcessId: 1496, ParentProcessName: OBS-Studio-30.2.3-Windows-Installer.exe, ProcessCommandLine: C:\Windows\system32\cmd.exe /c "tasklist | findstr process_explorer", ProcessId: 5632, ProcessName: cmd.exe

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txtJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\wheel-0.43.0.dist-info\LICENSE.txtJump to behavior
Source: OBS-Studio-30.2.3-Windows-Installer.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3929817343.00007FF8A8C74000.00000040.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927195083.00007FF8A770F000.00000040.00000001.01000000.0000002A.sdmp
Source: Binary string: cryptography_rust.pdbc source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927610189.00007FF8A7AE1000.00000040.00000001.01000000.00000014.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PICOpenSSL 3.0.11 19 Sep 20233.0.11built on: Wed Sep 27 22:33:28 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL || WITHIN_ARENA(temp->next)assertion failed: (char **)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/*0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_push_octet_ptrOSSL_PARAM_BLD_to_param..\s\crypto\params.c source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3928613039.00007FF8A86E2000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3928613039.00007FF8A86E2000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: crypto\bn\bn_ctx.cBN_CTX_startBN_CTX_getossl_ec_group_new_excrypto\ec\ec_lib.cEC_GROUP_copyEC_GROUP_set_generatorEC_GROUP_set_curveEC_GROUP_get_curveEC_GROUP_get_degreeEC_GROUP_check_discriminantEC_POINT_newEC_POINT_copyEC_POINT_set_to_infinityEC_POINT_set_Jprojective_coordinates_GFpEC_POINT_set_affine_coordinatesEC_POINT_get_affine_coordinatesEC_POINT_addEC_POINT_dblEC_POINT_invertEC_POINT_is_at_infinityEC_POINT_is_on_curveEC_POINT_cmpEC_POINT_mulEC_GROUP_get_trinomial_basisEC_GROUP_get_pentanomial_basisgroup_new_from_nameossl_ec_group_set_paramsencodingdecoded-from-explicitEC_GROUP_new_from_paramsgeneratorcrypto\evp\digest.cevp_md_ctx_new_exevp_md_ctx_free_algctxevp_md_init_internalEVP_DigestUpdatesizeEVP_DigestFinal_exassertion failed: mdsize <= EVP_MAX_MD_SIZEEVP_DigestFinalXOFxoflenEVP_MD_CTX_copy_exEVP_MD_CTX_ctrlmicalgssl3-msblocksizexofalgid-absentevp_md_from_algorithmupdatecrypto\evp\m_sigver.cUNDEFdo_sigver_initEVP_DigestSignUpdateEVP_DigestVerifyUpdateEVP_DigestSignFinalEVP_DigestSignEVP_DigestVerifyFinalEVP_DigestVerifycompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"3.3.2built on: Fri Oct 18 00:15:00 2024 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptocrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_sendmmsgBIO_recvmmsgBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927610189.00007FF8A7AE1000.00000040.00000001.01000000.00000014.sdmp
Source: Binary string: ossl_ec_GFp_simple_group_set_curvecrypto\ec\ecp_smpl.cossl_ec_GFp_simple_group_check_discriminantossl_ec_GFp_simple_point_set_affine_coordinatesossl_ec_GFp_simple_point_get_affine_coordinatesossl_ec_GFp_simple_make_affineossl_ec_GFp_simple_points_make_affineossl_ec_GFp_simple_field_invossl_ec_GFp_simple_blind_coordinatescrypto\engine\tb_digest.cENGINE_get_digestcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927610189.00007FF8A7AE1000.00000040.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060236632.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3945155709.00007FF8BA251000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060236632.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3945155709.00007FF8BA251000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927610189.00007FF8A7AE1000.00000040.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3943988760.00007FF8B9F61000.00000040.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3942336722.00007FF8B8F71000.00000040.00000001.01000000.00000007.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3939992646.00007FF8B8B07000.00000040.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbEE source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3940748946.00007FF8B8B3C000.00000040.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3938111890.00007FF8B7E11000.00000040.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3941754892.00007FF8B8CB1000.00000040.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3940748946.00007FF8B8B3C000.00000040.00000001.01000000.0000000A.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_N source: OBS-Studio-30.2.3-Windows-Installer.exe
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3942988475.00007FF8B93C1000.00000040.00000001.01000000.00000009.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3943576777.00007FF8B9841000.00000040.00000001.01000000.0000000F.sdmp
Source: Binary string: cryptography_rust.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927610189.00007FF8A7AE1000.00000040.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3938422242.00007FF8B7E51000.00000040.00000001.01000000.0000000D.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3943576777.00007FF8B9841000.00000040.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065807770.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924353059.0000024D284F0000.00000002.00000001.01000000.00000006.sdmp, python3.dll.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3936883849.00007FF8B7891000.00000040.00000001.01000000.00000012.sdmp
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689C99280 FindFirstFileExW,FindClose,0_2_00007FF689C99280
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689C983C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF689C983C0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CB1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF689CB1874
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689C99280 FindFirstFileExW,FindClose,2_2_00007FF689C99280
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689C983C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF689C983C0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CB1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF689CB1874

Networking

barindex
Uses known network protocols on non-standard ports
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 3000
Source: global trafficTCP traffic: 192.168.2.5:49711 -> 95.215.204.231:3000
Source: Joe Sandbox ViewIP Address: 34.117.59.81 34.117.59.81
Source: Joe Sandbox ViewIP Address: 34.117.59.81 34.117.59.81
Source: unknownDNS query: name: ipinfo.io
Source: unknownTCP traffic detected without corresponding DNS query: 95.215.204.231
Source: unknownTCP traffic detected without corresponding DNS query: 95.215.204.231
Source: unknownTCP traffic detected without corresponding DNS query: 95.215.204.231
Source: unknownTCP traffic detected without corresponding DNS query: 95.215.204.231
Source: unknownTCP traffic detected without corresponding DNS query: 95.215.204.231
Source: unknownTCP traffic detected without corresponding DNS query: 95.215.204.231
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficDNS traffic detected: DNS query: ipinfo.io
Source: global trafficDNS traffic detected: DNS query: 171.39.242.20.in-addr.arpa
Source: unknownHTTP traffic detected: POST /register-client HTTP/1.1Host: 95.215.204.231:3000User-Agent: python-requests/2.32.3Accept-Encoding: gzip, deflate, brAccept: */*Connection: keep-aliveContent-Length: 428Content-Type: application/json
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926096280.0000024D29930000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://.../back.jpeg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpString found in binary or memory: http://.css
Source: OBS-Studio-30.2.3-Windows-Installer.exe, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpString found in binary or memory: http://.jpg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926712895.0000024D2A4AC000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926529226.0000024D29DC2000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926712895.0000024D2A4C4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://95.215.204.231:3000
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926712895.0000024D2A4A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://95.215.204.231:3000/register-client
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926712895.0000024D2A4A4000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://95.215.204.231:3000/register-client0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28EC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://blog.cryptographyengineering.com/2012/05/how-to-choose-authenticated-encryption.html
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064924085.0000022335558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digi
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066164022.0000022335558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.co
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061456815.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066714096.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061815613.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060993942.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065807770.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064924085.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061910063.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066714096.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060376273.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062097324.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065621469.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061110605.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065278429.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061456815.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061230351.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064377863.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061910063.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062000855.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066164022.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060747379.0000022335558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065621469.0000022335558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTruste
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061815613.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060993942.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065807770.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064924085.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061910063.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066714096.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060376273.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062097324.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065621469.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061110605.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065278429.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061456815.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061230351.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064377863.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062000855.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066164022.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060747379.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061322955.0000022335558000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061815613.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060993942.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065807770.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064924085.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061910063.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066714096.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060376273.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062097324.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065621469.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061110605.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065278429.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061456815.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061230351.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064377863.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062000855.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066164022.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060747379.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061322955.0000022335558000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061456815.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066714096.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061815613.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060993942.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065807770.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064924085.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061910063.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066714096.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060376273.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062097324.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065621469.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061110605.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065278429.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061456815.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061230351.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064377863.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061910063.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062000855.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066164022.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060747379.0000022335558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28EDE000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2104802051.0000024D28EC1000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28EC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577452-a-memoize-decorator-for-instance-methods/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2106264302.0000024D28BE9000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2102828528.0000024D29045000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2102828528.0000024D29006000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://code.activestate.com/recipes/577916/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926364245.0000024D29CB0000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28EDE000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.certigna.fr/certignarootca.crl01
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926364245.0000024D29CB0000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crl
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926364245.0000024D29CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/COMODOCertificationAuthority.crlK
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28EDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.dhimyotis.com/certignarootca.crl0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925592978.0000024D2929F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/SGCA.crl0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925592978.0000024D2929F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925592978.0000024D2929F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl-
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/STCA.crl0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925592978.0000024D2929F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925592978.0000024D2929F000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061456815.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066714096.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061815613.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060993942.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065807770.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064924085.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061910063.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066714096.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060376273.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062097324.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065621469.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061110605.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065278429.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061456815.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061230351.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064377863.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061910063.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062000855.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066164022.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060747379.0000022335558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061815613.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060993942.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065807770.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064924085.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061910063.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066714096.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060376273.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062097324.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065621469.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061110605.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065278429.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061456815.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061230351.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064377863.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062000855.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066164022.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060747379.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061322955.0000022335558000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061815613.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060993942.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065807770.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064924085.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061910063.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066714096.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060376273.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062097324.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065621469.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061110605.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065278429.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061456815.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061230351.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064377863.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062000855.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066164022.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060747379.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061322955.0000022335558000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: libcrypto-3.dll.0.dr, _bz2.pyd.0.dr, _queue.pyd.0.dr, python3.dll.0.dr, libssl-3.dll.0.dr, _lzma.pyd.0.dr, python312.dll.0.dr, unicodedata.pyd.0.dr, _overlapped.pyd.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061815613.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060993942.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065807770.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064924085.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061910063.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066714096.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060376273.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062097324.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065621469.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061110605.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065278429.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061456815.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061230351.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064377863.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062000855.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066164022.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060747379.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061322955.0000022335558000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000002.3924170609.0000022335538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crls.ssl.com/SSLcom-RootCA-EV-RSA-4096-R2.crl0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/eax/eax-spec.pdf
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38C/SP800-38C.pdf
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28EC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925936397.0000024D29700000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924634567.0000024D288A7000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926017206.0000024D29800000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D2916A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D2906B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926176043.0000024D29B70000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://curl.haxx.se/rfc/cookie_spec.html
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925708143.0000024D293E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://docs.python.org/library/itertools.html#recipes
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925708143.0000024D293E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tar.gz
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925708143.0000024D293E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://foo/bar.tgz
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D2906B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28EC0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://google.com/mail/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://hg.python.org/cpython/file/603b4d593758/Lib/socket.py#l535
Source: OBS-Studio-30.2.3-Windows-Installer.exe, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpString found in binary or memory: http://html4/loose.dtd
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926364245.0000024D29CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926364245.0000024D29CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061815613.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060993942.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065807770.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064924085.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061910063.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066714096.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060376273.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062097324.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065621469.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061110605.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065278429.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061456815.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061230351.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064377863.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062000855.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066164022.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060747379.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061322955.0000022335558000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061456815.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066714096.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061815613.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060993942.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065807770.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064924085.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061910063.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066714096.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060376273.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062097324.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065621469.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061110605.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065278429.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061456815.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061230351.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064377863.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061910063.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062000855.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066164022.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060747379.0000022335558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0A
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061456815.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066714096.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061815613.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060993942.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065807770.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064924085.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061910063.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066714096.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060376273.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062097324.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065621469.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061110605.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065278429.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061456815.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061230351.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064377863.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061910063.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062000855.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066164022.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060747379.0000022335558000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061815613.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060993942.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065807770.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064924085.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061910063.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066714096.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060376273.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062097324.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065621469.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061110605.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065278429.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061456815.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061230351.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064377863.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062000855.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066164022.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060747379.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061322955.0000022335558000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://ocsp.digicert.com0X
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000002.3924170609.0000022335538000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsps.ssl.com0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925040881.0000024D28D90000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925624451.0000024D292C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://opensource.apple.com/source/CF/CF-744.18/CFBinaryPList.c
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926364245.0000024D29CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926364245.0000024D29CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/A
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926364245.0000024D29CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/ST
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D2906B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/x
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc4880
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926017206.0000024D29800000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926096280.0000024D29930000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5297
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc5869
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926096280.0000024D29930000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://tools.ietf.org/html/rfc6125#section-6.4.3
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://web.cs.ucdavis.edu/~rogaway/ocb/license.htm
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926364245.0000024D29CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28C66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926364245.0000024D29CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28C66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crln
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926364245.0000024D29CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926364245.0000024D29CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926364245.0000024D29CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2070787986.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069294702.000002233555A000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE.0.dr, LICENSE13.0.dr, LICENSE14.0.drString found in binary or memory: http://www.apache.org/licenses/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2070787986.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069294702.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069500710.0000022335568000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2070454949.0000022335568000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069100070.0000022335567000.00000004.00000020.00020000.00000000.sdmp, LICENSE13.0.dr, LICENSE14.0.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925624451.0000024D292C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.apple.com/DTDs/PropertyList-1.0.dtd
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926364245.0000024D29CB0000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cs.ucdavis.edu/~rogaway/papers/keywrap.pdf
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061815613.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060993942.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065807770.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064924085.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061910063.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066714096.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060376273.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335565000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062097324.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065621469.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061110605.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065278429.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061456815.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061230351.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2064377863.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062000855.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066164022.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060747379.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061322955.0000022335558000.00000004.00000020.00020000.00000000.sdmp, select.pyd.0.drString found in binary or memory: http://www.digicert.com/CPS0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926364245.0000024D29CB0000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28EDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D2906B000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2107336703.0000024D2906B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6
Source: LICENSE10.0.dr, LICENSE6.0.drString found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925592978.0000024D2929F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28C66000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rfc-editor.org/info/rfc7253
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.tarsnap.com/scrypt/scrypt-slides.pdf
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D2925C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://wwwsearch.sf.net/):
Source: METADATA10.0.drString found in binary or memory: https://PROJECT_RTD.readthedocs.io/en/latest/?badge=latest
Source: METADATA14.0.drString found in binary or memory: https://backportstarfile.readthedocs.io/en/latest/?badge=latest
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2067499354.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA12.0.drString found in binary or memory: https://badge.fury.io/py/autocommand)
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2067499354.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA12.0.drString found in binary or memory: https://badge.fury.io/py/autocommand.svg)
Source: METADATA7.0.drString found in binary or memory: https://badges.gitter.im/python/typing.svg)
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2077794629.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2071378205.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069565648.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2080381294.000002233555D000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr, METADATA0.0.dr, METADATA15.0.dr, METADATA.0.dr, METADATA18.0.dr, METADATA16.0.dr, METADATA10.0.dr, METADATA17.0.dr, METADATA1.0.drString found in binary or memory: https://blog.jaraco.com/skeleton
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925860641.0000024D29600000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://bugs.python.org/issue44497.
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3936599989.00007FF8B7811000.00000040.00000001.01000000.00000015.sdmpString found in binary or memory: https://cffi.readthedocs.io/en/latest/using.html#callbacks
Source: METADATA5.0.drString found in binary or memory: https://codecov.io/gh/hukkin/tomli)
Source: METADATA5.0.drString found in binary or memory: https://codecov.io/gh/hukkin/tomli/branch/master/graph/badge.svg)
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063103235.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA9.0.drString found in binary or memory: https://cryptography.io
Source: METADATA9.0.drString found in binary or memory: https://cryptography.io/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063103235.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA9.0.drString found in binary or memory: https://cryptography.io/en/latest/changelog/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927610189.00007FF8A7AE1000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063103235.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA9.0.drString found in binary or memory: https://cryptography.io/en/latest/installation/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063103235.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA9.0.drString found in binary or memory: https://cryptography.io/en/latest/security/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://dev.to/martinheinz/tour-of-python-itertools-4122
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2106264302.0000024D28AE8000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2097485729.0000024D28BAE000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2105252245.0000024D28BC9000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2100591619.0000024D28BC9000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2095588374.0000024D28BAE000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2105152281.0000024D28BC4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64
Source: METADATA10.0.drString found in binary or memory: https://docs.python.org/3.8/library/zipfile.html#path-objects
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2067499354.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA12.0.drString found in binary or memory: https://docs.python.org/3/library/argparse.html#description
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2067499354.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA12.0.drString found in binary or memory: https://docs.python.org/3/library/argparse.html#epilog
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924431057.0000024D28540000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filename
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924431057.0000024D285BC000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_code
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924431057.0000024D285BC000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.get_source
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924431057.0000024D285BC000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.InspectLoader.is_package
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924431057.0000024D285BC000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.create_module
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924553559.0000024D28780000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_module
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924553559.0000024D28780000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_caches
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924431057.0000024D285BC000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_spec
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924116562.0000024D26C56000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_data
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2071378205.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA16.0.drString found in binary or memory: https://docs.python.org/3/library/importlib.html#module-importlib.resources
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069565648.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA15.0.drString found in binary or memory: https://docs.python.org/3/library/importlib.metadata.html
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://docs.python.org/3/library/itertools.html#itertools-recipes
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.python.org/3/library/multiprocessing.html
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069565648.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA15.0.drString found in binary or memory: https://docs.python.org/3/reference/import.html#finders-and-loaders
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926017206.0000024D29800000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://foss.heptapod.net/pypy/pypy/-/issues/3539
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2067158429.0000022335558000.00000004.00000020.00020000.00000000.sdmp, LICENSE11.0.drString found in binary or memory: https://fsf.org/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925708143.0000024D293E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://gist.github.com/lyssdod/f51579ae8d93c8657a5564aefc2ffbca
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2067499354.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA12.0.drString found in binary or memory: https://github.com/Lucretiel/autocommand
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2067499354.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA12.0.drString found in binary or memory: https://github.com/Lucretiel/autocommand/issues
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/Lucretiel/autocommand/issues/18
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D2906B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Ousret/charset_normalizer
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924116562.0000024D26C56000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/Unidata/MetPy/blob/a3424de66a44bf3a92b0dcacf4dff82ad7b86712/src/metpy/plots/wx_sy
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2077794629.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2071378205.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069565648.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2080381294.000002233555D000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr, METADATA0.0.dr, METADATA15.0.dr, METADATA.0.dr, METADATA18.0.dr, METADATA16.0.dr, METADATA10.0.dr, METADATA17.0.dr, METADATA1.0.drString found in binary or memory: https://github.com/astral-sh/ruff
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://github.com/bbayles
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://github.com/erikrose
Source: METADATA5.0.drString found in binary or memory: https://github.com/hukkin/mdformat-toc)
Source: METADATA5.0.drString found in binary or memory: https://github.com/hukkin/tomli
Source: METADATA5.0.drString found in binary or memory: https://github.com/hukkin/tomli-w)
Source: METADATA5.0.drString found in binary or memory: https://github.com/hukkin/tomli/actions?query=workflow%3ATests
Source: METADATA5.0.drString found in binary or memory: https://github.com/hukkin/tomli/blob/master/CHANGELOG.md
Source: METADATA5.0.drString found in binary or memory: https://github.com/hukkin/tomli/workflows/Tests/badge.svg?branch=master)
Source: METADATA14.0.drString found in binary or memory: https://github.com/jaraco/backports.tarfile
Source: METADATA14.0.drString found in binary or memory: https://github.com/jaraco/backports.tarfile/actions/workflows/main.yml/badge.svg
Source: METADATA14.0.drString found in binary or memory: https://github.com/jaraco/backports.tarfile/actions?query=workflow%3A%22tests%22
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2076109885.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA17.0.drString found in binary or memory: https://github.com/jaraco/inflect
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA17.0.drString found in binary or memory: https://github.com/jaraco/inflect/actions/workflows/main.yml/badge.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA17.0.drString found in binary or memory: https://github.com/jaraco/inflect/actions?query=workflow%3A%22tests%22
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2077794629.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA18.0.drString found in binary or memory: https://github.com/jaraco/jaraco.collections
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2077794629.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA18.0.drString found in binary or memory: https://github.com/jaraco/jaraco.collections/actions/workflows/main.yml/badge.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2077794629.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA18.0.drString found in binary or memory: https://github.com/jaraco/jaraco.collections/actions?query=workflow%3A%22tests%22
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/jaraco/jaraco.context
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/jaraco/jaraco.context/actions/workflows/main.yml/badge.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/jaraco/jaraco.context/actions?query=workflow%3A%22tests%22
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2080381294.000002233555D000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/jaraco/jaraco.functools
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2080381294.000002233555D000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/jaraco/jaraco.functools/actions/workflows/main.yml/badge.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2080381294.000002233555D000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://github.com/jaraco/jaraco.functools/actions?query=workflow%3A%22tests%22
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2104802051.0000024D28EC1000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925708143.0000024D293E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/jaraco/jaraco.functools/issues/5
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA1.0.drString found in binary or memory: https://github.com/jaraco/jaraco.text
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA1.0.drString found in binary or memory: https://github.com/jaraco/jaraco.text/actions/workflows/main.yml/badge.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA1.0.drString found in binary or memory: https://github.com/jaraco/jaraco.text/actions?query=workflow%3A%22tests%22
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://github.com/jaraco/keyring/commit/a85a7cbc6c909f8121660ed1f7b487f99a1c2bf7
Source: METADATA10.0.drString found in binary or memory: https://github.com/jaraco/zipp
Source: METADATA10.0.drString found in binary or memory: https://github.com/jaraco/zipp/actions/workflows/main.yml/badge.svg
Source: METADATA10.0.drString found in binary or memory: https://github.com/jaraco/zipp/actions?query=workflow%3A%22tests%22
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://github.com/more-itertools/more-itertools
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://github.com/more-itertools/more-itertools/graphs/contributors
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925708143.0000024D293E0000.00000004.00001000.00020000.00000000.sdmp, METADATA4.0.drString found in binary or memory: https://github.com/platformdirs/platformdirs
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926712895.0000024D2A46C000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/psf/requests/pull/6710
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063103235.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA9.0.drString found in binary or memory: https://github.com/pyca/cryptography
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063103235.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA9.0.drString found in binary or memory: https://github.com/pyca/cryptography/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063103235.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA9.0.drString found in binary or memory: https://github.com/pyca/cryptography/actions?query=workflow%3ACI
Source: METADATA9.0.drString found in binary or memory: https://github.com/pyca/cryptography/issues
Source: OBS-Studio-30.2.3-Windows-Installer.exe, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927610189.00007FF8A7AE1000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/8996
Source: OBS-Studio-30.2.3-Windows-Installer.exe, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927610189.00007FF8A7AE1000.00000040.00000001.01000000.00000014.sdmpString found in binary or memory: https://github.com/pyca/cryptography/issues/9253
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063103235.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA9.0.drString found in binary or memory: https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=main
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925624451.0000024D292C0000.00000004.00001000.00020000.00000000.sdmp, METADATA3.0.drString found in binary or memory: https://github.com/pypa/packaging
Source: METADATA3.0.drString found in binary or memory: https://github.com/pypa/packaging/issues
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925936397.0000024D29700000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/1024.
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925785960.0000024D294E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/417#issuecomment-392298401
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925860641.0000024D29600000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/pypa/setuptools/issues/new?template=distutils-deprecation.yml
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924431057.0000024D285BC000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/3.9/Lib/importlib/_bootstrap_external.py#L679-L688
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/abc.py
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924116562.0000024D26C56000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/reader
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2096336611.0000024D28F18000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/python/cpython/issues/86361.
Source: METADATA15.0.drString found in binary or memory: https://github.com/python/importlib_metadata
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069565648.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA15.0.drString found in binary or memory: https://github.com/python/importlib_metadata/actions/workflows/main.yml/badge.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069565648.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA15.0.drString found in binary or memory: https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069565648.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA15.0.drString found in binary or memory: https://github.com/python/importlib_metadata/issues
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2071378205.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA16.0.drString found in binary or memory: https://github.com/python/importlib_resources
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2071378205.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA16.0.drString found in binary or memory: https://github.com/python/importlib_resources/actions/workflows/main.yml/badge.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2071378205.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA16.0.drString found in binary or memory: https://github.com/python/importlib_resources/actions?query=workflow%3A%22tests%22
Source: METADATA7.0.drString found in binary or memory: https://github.com/python/typing/discussions
Source: METADATA7.0.drString found in binary or memory: https://github.com/python/typing_extensions
Source: METADATA7.0.drString found in binary or memory: https://github.com/python/typing_extensions/blob/main/CHANGELOG.md
Source: METADATA7.0.drString found in binary or memory: https://github.com/python/typing_extensions/blob/main/CONTRIBUTING.md)
Source: METADATA7.0.drString found in binary or memory: https://github.com/python/typing_extensions/issues
Source: METADATA5.0.drString found in binary or memory: https://github.com/sdispater/tomlkit)
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924116562.0000024D26C56000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#
Source: METADATA5.0.drString found in binary or memory: https://github.com/toml-lang/compliance)
Source: METADATA5.0.drString found in binary or memory: https://github.com/toml-lang/compliance/pull/8)
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926017206.0000024D29800000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2192#issuecomment-821832963
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2513#issuecomment-1152559900.
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926176043.0000024D29B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/2920
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926176043.0000024D29B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/3290
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926176043.0000024D29B30000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://github.com/urllib3/urllib3/issues/32902
Source: METADATA7.0.drString found in binary or memory: https://gitter.im/python/typing
Source: METADATA7.0.drString found in binary or memory: https://gitter.im/python/typing)
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D2916A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28EDE000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D2916A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28EDE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://google.com/mail/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D2916A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926096280.0000024D29930000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/get
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28FBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://httpbin.org/post
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2077794629.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2071378205.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069565648.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2080381294.000002233555D000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr, METADATA0.0.dr, METADATA15.0.dr, METADATA.0.dr, METADATA18.0.dr, METADATA16.0.dr, METADATA10.0.dr, METADATA17.0.dr, METADATA1.0.drString found in binary or memory: https://img.shields.io/badge/skeleton-2024-informational
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2077794629.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2071378205.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069565648.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2080381294.000002233555D000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr, METADATA0.0.dr, METADATA15.0.dr, METADATA.0.dr, METADATA18.0.dr, METADATA16.0.dr, METADATA10.0.dr, METADATA17.0.dr, METADATA1.0.drString found in binary or memory: https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/charliermarsh/ruff/main/assets
Source: METADATA14.0.drString found in binary or memory: https://img.shields.io/pypi/pyversions/backports.tarfile.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069565648.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA15.0.drString found in binary or memory: https://img.shields.io/pypi/pyversions/importlib_metadata.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2071378205.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA16.0.drString found in binary or memory: https://img.shields.io/pypi/pyversions/importlib_resources.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA17.0.drString found in binary or memory: https://img.shields.io/pypi/pyversions/inflect.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2077794629.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA18.0.drString found in binary or memory: https://img.shields.io/pypi/pyversions/jaraco.collections.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/pyversions/jaraco.context.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2080381294.000002233555D000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://img.shields.io/pypi/pyversions/jaraco.functools.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA1.0.drString found in binary or memory: https://img.shields.io/pypi/pyversions/jaraco.text.svg
Source: METADATA10.0.drString found in binary or memory: https://img.shields.io/pypi/pyversions/zipp.svg
Source: METADATA14.0.drString found in binary or memory: https://img.shields.io/pypi/v/backports.tarfile.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063103235.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA9.0.drString found in binary or memory: https://img.shields.io/pypi/v/cryptography.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069565648.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA15.0.drString found in binary or memory: https://img.shields.io/pypi/v/importlib_metadata.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2071378205.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA16.0.drString found in binary or memory: https://img.shields.io/pypi/v/importlib_resources.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA17.0.drString found in binary or memory: https://img.shields.io/pypi/v/inflect.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2077794629.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA18.0.drString found in binary or memory: https://img.shields.io/pypi/v/jaraco.collections.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://img.shields.io/pypi/v/jaraco.context.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2080381294.000002233555D000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://img.shields.io/pypi/v/jaraco.functools.svg
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA1.0.drString found in binary or memory: https://img.shields.io/pypi/v/jaraco.text.svg
Source: METADATA5.0.drString found in binary or memory: https://img.shields.io/pypi/v/tomli)
Source: METADATA10.0.drString found in binary or memory: https://img.shields.io/pypi/v/zipp.svg
Source: METADATA15.0.drString found in binary or memory: https://importlib-metadata.readthedocs.io/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069565648.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA15.0.drString found in binary or memory: https://importlib-metadata.readthedocs.io/en/latest/?badge=latest
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2071378205.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA16.0.drString found in binary or memory: https://importlib-resources.readthedocs.io/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2071378205.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA16.0.drString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/?badge=latest
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925624451.0000024D292C0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://importlib-resources.readthedocs.io/en/latest/using.html#migrating-from-legacy
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA17.0.drString found in binary or memory: https://inflect.readthedocs.io/en/latest/?badge=latest
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926712895.0000024D2A4CC000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926529226.0000024D29DC2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/json
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2077794629.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA18.0.drString found in binary or memory: https://jaracocollections.readthedocs.io/en/latest/?badge=latest
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://jaracocontext.readthedocs.io/en/latest/?badge=latest
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2080381294.000002233555D000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://jaracofunctools.readthedocs.io/en/latest/?badge=latest
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2076109885.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA17.0.drString found in binary or memory: https://jaracotext.readthedocs.io/en/latest/#jaraco.text.WordSet
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA1.0.drString found in binary or memory: https://jaracotext.readthedocs.io/en/latest/?badge=latest
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D2916A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://json.org
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28FBC000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2107336703.0000024D28FDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://mahler:8092/site-updates.py
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063103235.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA9.0.drString found in binary or memory: https://mail.python.org/mailman/listinfo/cryptography-dev
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://martinheinz.dev/blog/16
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.SequenceView
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.adjacent
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.all_equal
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.all_unique
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.always_iterable
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.always_reversible
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.batched
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.before_and_after
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.bucket
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.chunked
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.chunked_even
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.circular_shifts
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.classify_unique
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.collapse
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.combination_index
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.combination_with_replacement
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.consecutive_groups
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.constrained_batches
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.consume
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.consumer
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.convolve
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.count_cycle
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.countable
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.dft
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.difference
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.distinct_combinations
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.distinct_permutations
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.distribute
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.divide
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.dotproduct
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.doublestarmap
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.duplicates_everseen
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.duplicates_justseen
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.exactly_n
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.factor
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.filter_except
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.filter_map
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.first
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.first_true
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.flatten
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.gray_product
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.groupby_transform
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.grouper
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.ichunked
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.idft
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.iequals
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.ilen
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.interleave
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.interleave_evenly
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.interleave_longest
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.intersperse
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.is_sorted
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.islice_extended
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.iter_except
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.iter_index
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.iter_suppress
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.iterate
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.join_mappings
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.last
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.locate
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.longest_common_prefix
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.lstrip
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.make_decorator
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.map_except
Source: METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.map_if
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.map_reduce
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.mark_ends
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.matmul
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.minmax
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.ncycles
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.nth
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.nth_combination
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.nth_combination_with_replace
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.nth_or_last
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.nth_permutation
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.nth_product
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.numeric_range
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.one
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.only
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.outer_product
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.pad_none
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.padded
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.pairwise
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.partial_product
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.partition
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.partitions
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.peekable
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.permutation_index
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.polynomial_derivative
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.polynomial_eval
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.polynomial_from_roots
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.powerset
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.powerset_of_sets
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.prepend
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.product_index
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.quantify
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.random_combination
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.random_combination_with_repl
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.random_permutation
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.random_product
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.repeat_each
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.repeat_last
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.repeatfunc
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.replace
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.reshape
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.rlocate
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.roundrobin
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.rstrip
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.run_length
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.sample
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.seekable
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.set_partitions
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.side_effect
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.sieve
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.sliced
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.sliding_window
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.sort_together
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.split_after
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.split_at
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.split_before
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.split_into
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.split_when
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.spy
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.stagger
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.strictly_n
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.strip
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.subslices
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.substrings
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.substrings_indexes
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.sum_of_squares
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.tabulate
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.tail
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.take
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.takewhile_inclusive
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.time_limited
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.totient
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.transpose
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.triplewise
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.unique
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.unique_everseen
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.unique_in_window
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.unique_justseen
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.unique_to_each
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.unzip
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.value_chain
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.windowed
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.windowed_complete
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.with_iter
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.zip_broadcast
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.zip_equal
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.zip_offset
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://more-itertools.readthedocs.io/en/stable/versions.html
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-108r1.pdf
Source: METADATA3.0.drString found in binary or memory: https://packaging.pypa.io/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925936397.0000024D29700000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/guides/packaging-namespace-packages/.
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926017206.0000024D29800000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/core-metadata/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925936397.0000024D29700000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925936397.0000024D29700000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/entry-points/All
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D2906B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/en/latest/specifications/pyproject-toml/#declaring-project-metadata-the
Source: METADATA3.0.drString found in binary or memory: https://packaging.python.org/specifications/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925936397.0000024D29700000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925860641.0000024D29600000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://packaging.python.org/specifications/entry-points/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://path.readthedocs.io/en/latest/api.html
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925040881.0000024D28D90000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://peps.python.org/pep-0205/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3929817343.00007FF8A8C74000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: https://peps.python.org/pep-0263/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926017206.0000024D29800000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://peps.python.org/pep-0685/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://pip.pypa.io/en/stable/
Source: METADATA14.0.drString found in binary or memory: https://pypi.org/project/backports.tarfile
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925936397.0000024D29700000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925785960.0000024D294E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://pypi.org/project/build/).
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063103235.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA9.0.drString found in binary or memory: https://pypi.org/project/cryptography/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069565648.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA15.0.drString found in binary or memory: https://pypi.org/project/importlib_metadata
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2071378205.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA16.0.drString found in binary or memory: https://pypi.org/project/importlib_resources
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA17.0.drString found in binary or memory: https://pypi.org/project/inflect
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2077794629.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA18.0.drString found in binary or memory: https://pypi.org/project/jaraco.collections
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://pypi.org/project/jaraco.context
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2080381294.000002233555D000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://pypi.org/project/jaraco.functools
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA1.0.drString found in binary or memory: https://pypi.org/project/jaraco.text
Source: METADATA5.0.drString found in binary or memory: https://pypi.org/project/toml/)
Source: METADATA5.0.drString found in binary or memory: https://pypi.org/project/tomli)
Source: METADATA5.0.drString found in binary or memory: https://pypi.org/project/tomlkit/)
Source: METADATA7.0.drString found in binary or memory: https://pypi.org/project/typing-extensions/)
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335568000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2076109885.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2076863417.0000022335568000.00000004.00000020.00020000.00000000.sdmp, METADATA17.0.drString found in binary or memory: https://pypi.org/project/word2number/
Source: METADATA10.0.drString found in binary or memory: https://pypi.org/project/zipp
Source: METADATA10.0.drString found in binary or memory: https://readthedocs.org/projects/PROJECT_RTD/badge/?version=latest
Source: METADATA14.0.drString found in binary or memory: https://readthedocs.org/projects/backportstarfile/badge/?version=latest
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063103235.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA9.0.drString found in binary or memory: https://readthedocs.org/projects/cryptography/badge/?version=latest
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069565648.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA15.0.drString found in binary or memory: https://readthedocs.org/projects/importlib-metadata/badge/?version=latest
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2071378205.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA16.0.drString found in binary or memory: https://readthedocs.org/projects/importlib-resources/badge/?version=latest
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA17.0.drString found in binary or memory: https://readthedocs.org/projects/inflect/badge/?version=latest
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2077794629.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA18.0.drString found in binary or memory: https://readthedocs.org/projects/jaracocollections/badge/?version=latest
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://readthedocs.org/projects/jaracocontext/badge/?version=latest
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2080381294.000002233555D000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://readthedocs.org/projects/jaracofunctools/badge/?version=latest
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA1.0.drString found in binary or memory: https://readthedocs.org/projects/jaracotext/badge/?version=latest
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://readthedocs.org/projects/more-itertools/badge/?version=latest
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925708143.0000024D293E0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://refspecs.linuxfoundation.org/elf/gabi4
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28FBC000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926712895.0000024D2A460000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://requests.readthedocs.io
Source: METADATA7.0.drString found in binary or memory: https://semver.org/).
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925936397.0000024D29700000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2092820500.0000024D28BAE000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2106264302.0000024D28AE8000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2097485729.0000024D28BAE000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2091967403.0000024D28BAE000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2105252245.0000024D28BC9000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2100591619.0000024D28BC9000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2092762501.0000024D28BDF000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2092685358.0000024D28BD8000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2091967403.0000024D28BD4000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2095588374.0000024D28BAE000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2105152281.0000024D28BC4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2105152281.0000024D28BE9000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2106264302.0000024D28BE9000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2094643314.0000024D28C28000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2098678408.0000024D28BFF000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2100591619.0000024D28C0B000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2092762501.0000024D28BDF000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2092685358.0000024D28BD8000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2099473413.0000024D28C1D000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2091967403.0000024D28BD4000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2092762501.0000024D28C28000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2097485729.0000024D28BE9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/pkg_resources.html#basic-resource-access
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924961685.0000024D28C90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packages
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2091902924.0000024D28C2F000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2092762501.0000024D28BDF000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2092685358.0000024D28BD8000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2091967403.0000024D28BD4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr;
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2091902924.0000024D28C2F000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2092762501.0000024D28BDF000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2092685358.0000024D28BD8000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2091967403.0000024D28BD4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesr;r
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2071378205.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA16.0.drString found in binary or memory: https://setuptools.readthedocs.io/en/latest/pkg_resources.html
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069565648.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA15.0.drString found in binary or memory: https://tidelift.com/badges/package/pypi/importlib-metadata
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2071378205.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA16.0.drString found in binary or memory: https://tidelift.com/badges/package/pypi/importlib-resources
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA17.0.drString found in binary or memory: https://tidelift.com/badges/package/pypi/inflect
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2077794629.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA18.0.drString found in binary or memory: https://tidelift.com/badges/package/pypi/jaraco.collections
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drString found in binary or memory: https://tidelift.com/badges/package/pypi/jaraco.context
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2080381294.000002233555D000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drString found in binary or memory: https://tidelift.com/badges/package/pypi/jaraco.functools
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA1.0.drString found in binary or memory: https://tidelift.com/badges/package/pypi/jaraco.text
Source: METADATA10.0.drString found in binary or memory: https://tidelift.com/badges/package/pypi/zipp
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335568000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2076109885.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2076863417.0000022335568000.00000004.00000020.00020000.00000000.sdmp, METADATA17.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-PROJECT?utm_source=pypi-PROJECT&utm_medium=referral&utm_c
Source: METADATA15.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-metadata?utm_source=pypi-importlib-metadata&utm
Source: METADATA16.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-importlib-resources?utm_source=pypi-importlib-resources&u
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA17.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-inflect?utm_source=pypi-inflect&utm_medium=readme
Source: METADATA18.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-jaraco.collections?utm_source=pypi-jaraco.collections&utm
Source: METADATA.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-jaraco.context?utm_source=pypi-jaraco.context&utm_medium=
Source: METADATA0.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-jaraco.functools?utm_source=pypi-jaraco.functools&utm_med
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA1.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-jaraco.text?utm_source=pypi-jaraco.text&utm_medium=readme
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA1.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-jaraco.text?utm_source=pypi-jaraco.text&utm_medium=referr
Source: METADATA10.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-zipp?utm_source=pypi-zipp&utm_medium=readme
Source: METADATA10.0.drString found in binary or memory: https://tidelift.com/subscription/pkg/pypi-zipp?utm_source=pypi-zipp&utm_medium=referral&utm_campaig
Source: METADATA5.0.drString found in binary or memory: https://toml.io).
Source: METADATA5.0.drString found in binary or memory: https://toml.io/en/v1.0.0).
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc2388#section-4.4
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc3610
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc5297
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2106264302.0000024D28AE8000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2107336703.0000024D29045000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2107336703.0000024D2906B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7231#section-4.3.6)
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924634567.0000024D288A7000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
Source: METADATA7.0.drString found in binary or memory: https://typing-extensions.readthedocs.io/
Source: METADATA7.0.drString found in binary or memory: https://typing-extensions.readthedocs.io/en/latest/#)
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926096280.0000024D29930000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxy
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926017206.0000024D29800000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2102828528.0000024D29045000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28FBC000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2107336703.0000024D28FDC000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2102828528.0000024D29006000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www-cs-faculty.stanford.edu/~knuth/fasc2a.ps.gz
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063441126.0000022335558000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE0.0.drString found in binary or memory: https://www.apache.org/licenses/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063441126.0000022335566000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063513980.0000022335567000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063441126.0000022335558000.00000004.00000020.00020000.00000000.sdmp, LICENSE.APACHE0.0.drString found in binary or memory: https://www.apache.org/licenses/LICENSE-2.0
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://www.bbayles.com/index/decorator_factory
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drString found in binary or memory: https://www.gidware.com/real-world-more-itertools/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ietf.org/rfc/rfc2898.txt
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065278429.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3928565552.00007FF8A8338000.00000004.00000001.01000000.00000013.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3929679658.00007FF8A8839000.00000004.00000001.01000000.0000000C.sdmp, libcrypto-3.dll.0.dr, libssl-3.dll.0.drString found in binary or memory: https://www.openssl.org/H
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28FBC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28FBC000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2107336703.0000024D28FDC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.python.org/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924431057.0000024D28540000.00000004.00001000.00020000.00000000.sdmp, base_library.zip.0.drString found in binary or memory: https://www.python.org/download/releases/2.3/mro/.
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3929817343.00007FF8A8D72000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.python.org/psf/license/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3929817343.00007FF8A8C74000.00000040.00000001.01000000.00000004.sdmpString found in binary or memory: https://www.python.org/psf/license/)
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D2906B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rfc-editor.org/rfc/rfc8259#section-8.1
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926364245.0000024D29CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28EDE000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/0m
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926364245.0000024D29CB0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wwww.certigna.fr/autorites/P/
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28EDE000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D2916A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yahoo.com/
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689C989E00_2_00007FF689C989E0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CB69640_2_00007FF689CB6964
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CB5C000_2_00007FF689CB5C00
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689C910000_2_00007FF689C91000
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689C9A2DB0_2_00007FF689C9A2DB
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CADA5C0_2_00007FF689CADA5C
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CA39A40_2_00007FF689CA39A4
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CA19440_2_00007FF689CA1944
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CA21640_2_00007FF689CA2164
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CA5D300_2_00007FF689CA5D30
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689C9A47B0_2_00007FF689C9A47B
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689C9ACAD0_2_00007FF689C9ACAD
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CB3C100_2_00007FF689CB3C10
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CA2C100_2_00007FF689CA2C10
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CB08C80_2_00007FF689CB08C8
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CB64180_2_00007FF689CB6418
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CA1B500_2_00007FF689CA1B50
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CB97280_2_00007FF689CB9728
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CADEF00_2_00007FF689CADEF0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CB5E7C0_2_00007FF689CB5E7C
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CA9EA00_2_00007FF689CA9EA0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CA35A00_2_00007FF689CA35A0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CA1D540_2_00007FF689CA1D54
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CAE5700_2_00007FF689CAE570
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CB08C80_2_00007FF689CB08C8
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CA80E40_2_00007FF689CA80E4
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CB40AC0_2_00007FF689CB40AC
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CB18740_2_00007FF689CB1874
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689C998000_2_00007FF689C99800
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CA87940_2_00007FF689CA8794
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CA17400_2_00007FF689CA1740
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CA1F600_2_00007FF689CA1F60
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CB69642_2_00007FF689CB6964
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689C910002_2_00007FF689C91000
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689C9A2DB2_2_00007FF689C9A2DB
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CADA5C2_2_00007FF689CADA5C
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689C989E02_2_00007FF689C989E0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CA39A42_2_00007FF689CA39A4
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CA19442_2_00007FF689CA1944
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CA21642_2_00007FF689CA2164
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CA5D302_2_00007FF689CA5D30
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689C9A47B2_2_00007FF689C9A47B
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689C9ACAD2_2_00007FF689C9ACAD
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CB3C102_2_00007FF689CB3C10
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CA2C102_2_00007FF689CA2C10
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CB5C002_2_00007FF689CB5C00
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CB08C82_2_00007FF689CB08C8
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CB64182_2_00007FF689CB6418
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CA1B502_2_00007FF689CA1B50
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CB97282_2_00007FF689CB9728
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CADEF02_2_00007FF689CADEF0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CB5E7C2_2_00007FF689CB5E7C
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CA9EA02_2_00007FF689CA9EA0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CA35A02_2_00007FF689CA35A0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CA1D542_2_00007FF689CA1D54
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CAE5702_2_00007FF689CAE570
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CB08C82_2_00007FF689CB08C8
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CA80E42_2_00007FF689CA80E4
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CB40AC2_2_00007FF689CB40AC
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CB18742_2_00007FF689CB1874
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689C998002_2_00007FF689C99800
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CA87942_2_00007FF689CA8794
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CA17402_2_00007FF689CA1740
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CA1F602_2_00007FF689CA1F60
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A76018A02_2_00007FF8A76018A0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A76012F02_2_00007FF8A76012F0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A476B02_2_00007FF8A7A476B0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A4E8B02_2_00007FF8A7A4E8B0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A374A02_2_00007FF8A7A374A0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A522802_2_00007FF8A7A52280
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A47AF02_2_00007FF8A7A47AF0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A346E02_2_00007FF8A7A346E0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A2E0E02_2_00007FF8A7A2E0E0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A312E02_2_00007FF8A7A312E0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A020C02_2_00007FF8A7A020C0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A078BB2_2_00007FF8A7A078BB
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A17EC02_2_00007FF8A7A17EC0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A2B2C02_2_00007FF8A7A2B2C0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A342302_2_00007FF8A7A34230
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A2FA302_2_00007FF8A7A2FA30
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A12A202_2_00007FF8A7A12A20
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A2F6202_2_00007FF8A7A2F620
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A470102_2_00007FF8A7A47010
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A2B6702_2_00007FF8A7A2B670
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A2A8602_2_00007FF8A7A2A860
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A1BA502_2_00007FF8A7A1BA50
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A35C502_2_00007FF8A7A35C50
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A406502_2_00007FF8A7A40650
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A4F4502_2_00007FF8A7A4F450
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A0A5B02_2_00007FF8A7A0A5B0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A51BB02_2_00007FF8A7A51BB0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A03DB02_2_00007FF8A7A03DB0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A147A02_2_00007FF8A7A147A0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A47DA02_2_00007FF8A7A47DA0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A0C9902_2_00007FF8A7A0C990
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A36F902_2_00007FF8A7A36F90
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A4C3902_2_00007FF8A7A4C390
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A169F02_2_00007FF8A7A169F0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A509F02_2_00007FF8A7A509F0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A05BF02_2_00007FF8A7A05BF0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A29DE02_2_00007FF8A7A29DE0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A4DBC02_2_00007FF8A7A4DBC0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A32B302_2_00007FF8A7A32B30
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A2C9302_2_00007FF8A7A2C930
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A369102_2_00007FF8A7A36910
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A067102_2_00007FF8A7A06710
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A30F002_2_00007FF8A7A30F00
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A4FF002_2_00007FF8A7A4FF00
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A495002_2_00007FF8A7A49500
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A0DF702_2_00007FF8A7A0DF70
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A4B7602_2_00007FF8A7A4B760
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A0B3502_2_00007FF8A7A0B350
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A327502_2_00007FF8A7A32750
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A159402_2_00007FF8A7A15940
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7A409402_2_00007FF8A7A40940
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A83372002_2_00007FF8A8337200
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A8271CC12_2_00007FF8A8271CC1
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A82A8AA02_2_00007FF8A82A8AA0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A8271A0F2_2_00007FF8A8271A0F
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A82716FE2_2_00007FF8A82716FE
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A8278BE02_2_00007FF8A8278BE0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A82DCDA02_2_00007FF8A82DCDA0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A827143D2_2_00007FF8A827143D
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A82716132_2_00007FF8A8271613
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A827262B2_2_00007FF8A827262B
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A82B0F902_2_00007FF8A82B0F90
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A82717F82_2_00007FF8A82717F8
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A82727162_2_00007FF8A8272716
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A82711812_2_00007FF8A8271181
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A8271AD72_2_00007FF8A8271AD7
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A82962902_2_00007FF8A8296290
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A8271D982_2_00007FF8A8271D98
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A8271EE72_2_00007FF8A8271EE7
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A82711722_2_00007FF8A8271172
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A82EA7402_2_00007FF8A82EA740
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A8271B542_2_00007FF8A8271B54
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A82BD9602_2_00007FF8A82BD960
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A82B99A02_2_00007FF8A82B99A0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A8271FE62_2_00007FF8A8271FE6
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: String function: 00007FF8A827132A appears 335 times
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: String function: 00007FF689C92710 appears 104 times
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: String function: 00007FF8A82ED551 appears 43 times
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: String function: 00007FF8A82ECDA1 appears 729 times
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: String function: 00007FF8A82ECD8F appears 181 times
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: String function: 00007FF689C92910 appears 34 times
Source: OBS-Studio-30.2.3-Windows-Installer.exeStatic PE information: invalid certificate
Source: _overlapped.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: unicodedata.pyd.0.drStatic PE information: Resource name: RT_VERSION type: COM executable for DOS
Source: python3.dll.0.drStatic PE information: No import functions for PE file found
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061815613.0000022335558000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_overlapped.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060993942.0000022335558000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065807770.0000022335558000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061910063.0000022335558000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2066714096.0000022335558000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060376273.0000022335558000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_asyncio.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060236632.0000022335558000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062097324.0000022335558000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062204228.0000022335558000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065621469.0000022335558000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061110605.0000022335558000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_decimal.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065278429.0000022335558000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamelibsslH vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061456815.0000022335558000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_multiprocessing.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061230351.0000022335558000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062000855.0000022335558000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060747379.0000022335558000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2061322955.0000022335558000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924353059.0000024D284F0000.00000002.00000001.01000000.00000006.sdmpBinary or memory string: OriginalFilenamepython3.dll. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3938297962.00007FF8B7E43000.00000004.00000001.01000000.00000010.sdmpBinary or memory string: OriginalFilenamepyexpat.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927416180.00007FF8A771A000.00000004.00000001.01000000.0000002A.sdmpBinary or memory string: OriginalFilenameunicodedata.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3944192510.00007FF8B9F6C000.00000004.00000001.01000000.0000000E.sdmpBinary or memory string: OriginalFilenameselect.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3942776339.00007FF8B8F94000.00000004.00000001.01000000.00000007.sdmpBinary or memory string: OriginalFilename_ctypes.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3940548957.00007FF8B8B14000.00000004.00000001.01000000.0000000B.sdmpBinary or memory string: OriginalFilename_hashlib.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3931458021.00007FF8A8F32000.00000004.00000001.01000000.00000004.sdmpBinary or memory string: OriginalFilenamepython312.dll. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3945256678.00007FF8BA257000.00000002.00000001.01000000.00000005.sdmpBinary or memory string: OriginalFilenamevcruntime140.dllT vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3941228910.00007FF8B8B4C000.00000004.00000001.01000000.0000000A.sdmpBinary or memory string: OriginalFilename_lzma.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3928565552.00007FF8A8338000.00000004.00000001.01000000.00000013.sdmpBinary or memory string: OriginalFilenamelibsslH vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3942064697.00007FF8B8CBC000.00000004.00000001.01000000.00000011.sdmpBinary or memory string: OriginalFilename_queue.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3943348791.00007FF8B93D8000.00000004.00000001.01000000.00000009.sdmpBinary or memory string: OriginalFilename_bz2.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3938693461.00007FF8B7E68000.00000004.00000001.01000000.0000000D.sdmpBinary or memory string: OriginalFilename_socket.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3929679658.00007FF8A8839000.00000004.00000001.01000000.0000000C.sdmpBinary or memory string: OriginalFilenamelibcryptoH vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3937111447.00007FF8B78C2000.00000004.00000001.01000000.00000012.sdmpBinary or memory string: OriginalFilename_ssl.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3943789929.00007FF8B984C000.00000004.00000001.01000000.0000000F.sdmpBinary or memory string: OriginalFilename_wmi.pyd. vs OBS-Studio-30.2.3-Windows-Installer.exe
Source: libcrypto-3.dll.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.9989650991958289
Source: libssl-3.dll.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.9923451741536459
Source: python312.dll.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.9994210643762751
Source: _ec_ws.pyd.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.9980750902889246
Source: _brotli.cp312-win_amd64.pyd.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.994288643715342
Source: unicodedata.pyd.0.drStatic PE information: Section: UPX1 ZLIB complexity 0.9942978533094812
Source: classification engineClassification label: mal52.troj.evad.winEXE@34/191@2/2
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:984:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1628:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1100:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3160:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3276:120:WilError_03
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642Jump to behavior
Source: OBS-Studio-30.2.3-Windows-Installer.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,Caption FROM Win32_Processor
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: OBS-Studio-30.2.3-Windows-Installer.exeString found in binary or memory: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exeString found in binary or memory: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exeString found in binary or memory: t xml:space=.gif" border="0"</body> </html> overflow:hidden;img src="http://addEventListenerresponsible for s.js"></script> /favicon.ico" />operating system" style="width:1target="_blank">State Universitytext-align:left; document.write(, including the around t
Source: OBS-Studio-30.2.3-Windows-Installer.exeString found in binary or memory: id-cmc-addExtensions
Source: OBS-Studio-30.2.3-Windows-Installer.exeString found in binary or memory: set-addPolicy
Source: OBS-Studio-30.2.3-Windows-Installer.exeString found in binary or memory: -HeLPt)
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile read: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeJump to behavior
Source: unknownProcess created: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe "C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe"
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe "C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe"
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get serialnumber
Source: C:\Windows\System32\wbem\WMIC.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist | findstr process_explorer"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr process_explorer
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist | findstr wireshark"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr wireshark
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist | findstr ollydbg"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr ollydbg
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get UUID"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get UUID
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic /namespace:\\root\securitycenter2 path antivirus get displayname
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe "C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe"Jump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get serialnumberJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist | findstr process_explorer"Jump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist | findstr wireshark"Jump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get serialnumberJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get UUID"Jump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist | findstr wireshark"Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklistJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr process_explorerJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklistJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr wiresharkJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklistJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr ollydbgJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get UUIDJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: libffi-8.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: libcrypto-3.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: propsys.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: libssl-3.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: mswsock.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: dnsapi.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: rasadhlp.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: fwpuclnt.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: amsi.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: userenv.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: profapi.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: textshaping.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: textinputframework.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: coreuicomponents.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: ntmarta.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: coremessaging.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeSection loaded: wintypes.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: version.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vbscript.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sxs.dllJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iphlpapi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: framedynos.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: sspicli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: kernel.appcore.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: wbemcomn.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: msxml6.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: urlmon.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: iertutil.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: srvcli.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: netutils.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: uxtheme.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: vcruntime140_1.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: amsi.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: userenv.dll
Source: C:\Windows\System32\wbem\WMIC.exeSection loaded: profapi.dll
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}\InprocServer32Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: OBS-Studio-30.2.3-Windows-Installer.exeStatic PE information: Image base 0x140000000 > 0x60000000
Source: OBS-Studio-30.2.3-Windows-Installer.exeStatic file information: File size 14281848 > 1048576
Source: OBS-Studio-30.2.3-Windows-Installer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: OBS-Studio-30.2.3-Windows-Installer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: OBS-Studio-30.2.3-Windows-Installer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: OBS-Studio-30.2.3-Windows-Installer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: OBS-Studio-30.2.3-Windows-Installer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: OBS-Studio-30.2.3-Windows-Installer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: OBS-Studio-30.2.3-Windows-Installer.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
Source: OBS-Studio-30.2.3-Windows-Installer.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: D:\a\1\b\bin\amd64\python312.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3929817343.00007FF8A8C74000.00000040.00000001.01000000.00000004.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\unicodedata.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927195083.00007FF8A770F000.00000040.00000001.01000000.0000002A.sdmp
Source: Binary string: cryptography_rust.pdbc source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927610189.00007FF8A7AE1000.00000040.00000001.01000000.00000014.sdmp
Source: Binary string: @ compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PICOpenSSL 3.0.11 19 Sep 20233.0.11built on: Wed Sep 27 22:33:28 2023 UTCplatform: VC-WIN64A-masmOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availableget_and_lock..\s\crypto\ex_data.cossl_crypto_get_ex_new_index_exossl_crypto_new_ex_data_exCRYPTO_dup_ex_dataCRYPTO_set_ex_dataOPENSSL_WIN32_UTF8..\s\crypto\getenv.ccompiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC;CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specificC:\Program Files\Common Files\SSLC:\Program Files\OpenSSL\lib\ossl-modules.dllCPUINFO: ..\s\crypto\init.cOPENSSL_init_cryptoOPENSSL_atexit..\s\crypto\initthread.c..\s\crypto\mem_sec.cassertion failed: (bit & 1) == 0assertion failed: list >= 0 && list < sh.freelist_sizeassertion failed: ((ptr - sh.arena) & ((sh.arena_size >> list) - 1)) == 0assertion failed: bit > 0 && bit < sh.bittable_sizeassertion failed: TESTBIT(table, bit)assertion failed: !TESTBIT(table, bit)assertion failed: WITHIN_FREELIST(list)assertion failed: WITHIN_ARENA(ptr)assertion failed: temp->next == NULL || WITHIN_ARENA(temp->next)assertion failed: (char **)temp->next->p_next == listassertion failed: WITHIN_FREELIST(temp2->p_next) || WITHIN_ARENA(temp2->p_next)assertion failed: size > 0assertion failed: (size & (size - 1)) == 0assertion failed: (minsize & (minsize - 1)) == 0assertion failed: sh.freelist != NULLassertion failed: sh.bittable != NULLassertion failed: sh.bitmalloc != NULLassertion failed: !sh_testbit(temp, slist, sh.bitmalloc)assertion failed: temp != sh.freelist[slist]assertion failed: sh.freelist[slist] == tempassertion failed: temp-(sh.arena_size >> slist) == sh_find_my_buddy(temp, slist)assertion failed: sh_testbit(chunk, list, sh.bittable)assertion failed: WITHIN_ARENA(chunk)assertion failed: sh_testbit(ptr, list, sh.bittable)assertion failed: ptr == sh_find_my_buddy(buddy, list)assertion failed: ptr != NULLassertion failed: !sh_testbit(ptr, list, sh.bitmalloc)assertion failed: sh.freelist[list] == ptr/*0123456789ABCDEFCRYPTO_memdup..\s\crypto\o_str.chexstr2buf_sepossl_hexstr2buf_sepbuf2hexstr_sepossl_buf2hexstr_sep..\s\crypto\packet.cwpacket_intern_init_lenWPACKET_start_sub_packet_len__..\s\crypto\param_build.cparam_pushparam_push_numOSSL_PARAM_BLD_push_BN_padNegative big numbers are unsupported for OSSL_PARAMOSSL_PARAM_BLD_push_utf8_stringOSSL_PARAM_BLD_push_utf8_ptrOSSL_PARAM_BLD_push_octet_stringOSSL_PARAM_BLD_push_octet_ptrOSSL_PARAM_BLD_to_param..\s\crypto\params.c source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3928613039.00007FF8A86E2000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /Gs0 /GF /Gy /MD /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3928613039.00007FF8A86E2000.00000040.00000001.01000000.0000000C.sdmp
Source: Binary string: crypto\bn\bn_ctx.cBN_CTX_startBN_CTX_getossl_ec_group_new_excrypto\ec\ec_lib.cEC_GROUP_copyEC_GROUP_set_generatorEC_GROUP_set_curveEC_GROUP_get_curveEC_GROUP_get_degreeEC_GROUP_check_discriminantEC_POINT_newEC_POINT_copyEC_POINT_set_to_infinityEC_POINT_set_Jprojective_coordinates_GFpEC_POINT_set_affine_coordinatesEC_POINT_get_affine_coordinatesEC_POINT_addEC_POINT_dblEC_POINT_invertEC_POINT_is_at_infinityEC_POINT_is_on_curveEC_POINT_cmpEC_POINT_mulEC_GROUP_get_trinomial_basisEC_GROUP_get_pentanomial_basisgroup_new_from_nameossl_ec_group_set_paramsencodingdecoded-from-explicitEC_GROUP_new_from_paramsgeneratorcrypto\evp\digest.cevp_md_ctx_new_exevp_md_ctx_free_algctxevp_md_init_internalEVP_DigestUpdatesizeEVP_DigestFinal_exassertion failed: mdsize <= EVP_MAX_MD_SIZEEVP_DigestFinalXOFxoflenEVP_MD_CTX_copy_exEVP_MD_CTX_ctrlmicalgssl3-msblocksizexofalgid-absentevp_md_from_algorithmupdatecrypto\evp\m_sigver.cUNDEFdo_sigver_initEVP_DigestSignUpdateEVP_DigestVerifyUpdateEVP_DigestSignFinalEVP_DigestSignEVP_DigestVerifyFinalEVP_DigestVerifycompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG"3.3.2built on: Fri Oct 18 00:15:00 2024 UTCplatform: VC-WIN64AOPENSSLDIR: "C:\Program Files\Common Files\SSL"ENGINESDIR: "C:\Program Files\OpenSSL\lib\engines-3"MODULESDIR: "C:\Program Files\OpenSSL\lib\ossl-modules"CPUINFO: N/Anot availablecrypto\init.cOPENSSL_init_cryptocrypto\bio\bio_lib.cBIO_new_exbio_read_internbio_write_internBIO_sendmmsgBIO_recvmmsgBIO_putsBIO_getsBIO_get_line BIO_ctrlBIO_callback_ctrlBIO_find_type source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927610189.00007FF8A7AE1000.00000040.00000001.01000000.00000014.sdmp
Source: Binary string: ossl_ec_GFp_simple_group_set_curvecrypto\ec\ecp_smpl.cossl_ec_GFp_simple_group_check_discriminantossl_ec_GFp_simple_point_set_affine_coordinatesossl_ec_GFp_simple_point_get_affine_coordinatesossl_ec_GFp_simple_make_affineossl_ec_GFp_simple_points_make_affineossl_ec_GFp_simple_field_invossl_ec_GFp_simple_blind_coordinatescrypto\engine\tb_digest.cENGINE_get_digestcompiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG";CPUINFO: OPENSSL_ia32cap=0x%llx:0x%llxOPENSSL_ia32cap env:%sos-specific.dllCPUINFO: crypto\initthread.cOPENSSL_ia32cap source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927610189.00007FF8A7AE1000.00000040.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060236632.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3945155709.00007FF8BA251000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdbGCTL source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2060236632.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3945155709.00007FF8BA251000.00000002.00000001.01000000.00000005.sdmp, VCRUNTIME140.dll.0.dr
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_NO_WARNINGS" -D"NDEBUG" source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927610189.00007FF8A7AE1000.00000040.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\select.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3943988760.00007FF8B9F61000.00000040.00000001.01000000.0000000E.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ctypes.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3942336722.00007FF8B8F71000.00000040.00000001.01000000.00000007.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_hashlib.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3939992646.00007FF8B8B07000.00000040.00000001.01000000.0000000B.sdmp
Source: Binary string: D:\a\1\b\libssl-3.pdbEE source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdbNN source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3940748946.00007FF8B8B3C000.00000040.00000001.01000000.0000000A.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\pyexpat.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3938111890.00007FF8B7E11000.00000040.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_queue.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3941754892.00007FF8B8CB1000.00000040.00000001.01000000.00000011.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_lzma.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3940748946.00007FF8B8B3C000.00000040.00000001.01000000.0000000A.sdmp
Source: Binary string: compiler: cl /Zi /Fdossl_static.pdb /MT /Zl /Gs0 /GF /Gy /W3 /wd4090 /nologo /O2 -DL_ENDIAN -DOPENSSL_PIC -D"OPENSSL_BUILDING_OPENSSL" -D"OPENSSL_SYS_WIN32" -D"WIN32_LEAN_AND_MEAN" -D"UNICODE" -D"_UNICODE" -D"_CRT_SECURE_NO_DEPRECATE" -D"_WINSOCK_DEPRECATED_N source: OBS-Studio-30.2.3-Windows-Installer.exe
Source: Binary string: D:\a\1\b\bin\amd64\_bz2.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3942988475.00007FF8B93C1000.00000040.00000001.01000000.00000009.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3943576777.00007FF8B9841000.00000040.00000001.01000000.0000000F.sdmp
Source: Binary string: cryptography_rust.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927610189.00007FF8A7AE1000.00000040.00000001.01000000.00000014.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_socket.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3938422242.00007FF8B7E51000.00000040.00000001.01000000.0000000D.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_wmi.pdb''&GCTL source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3943576777.00007FF8B9841000.00000040.00000001.01000000.0000000F.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\python3.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2065807770.0000022335558000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924353059.0000024D284F0000.00000002.00000001.01000000.00000006.sdmp, python3.dll.0.dr
Source: Binary string: D:\a\1\b\libssl-3.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmp
Source: Binary string: D:\a\1\b\bin\amd64\_ssl.pdb source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3936883849.00007FF8B7891000.00000040.00000001.01000000.00000012.sdmp
Source: OBS-Studio-30.2.3-Windows-Installer.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: OBS-Studio-30.2.3-Windows-Installer.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: OBS-Studio-30.2.3-Windows-Installer.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: OBS-Studio-30.2.3-Windows-Installer.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: OBS-Studio-30.2.3-Windows-Installer.exeStatic PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A8337200 EntryPoint,LoadLibraryA,GetProcAddress,VirtualProtect,VirtualProtect,VirtualProtect,2_2_00007FF8A8337200
Source: VCRUNTIME140.dll.0.drStatic PE information: section name: _RDATA
Source: libffi-8.dll.0.drStatic PE information: section name: UPX2
Source: _rust.pyd.0.drStatic PE information: section name: UPX2
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7606859 push rsi; ret 2_2_00007FF8A7606890
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7608419 push r10; retf 2_2_00007FF8A7608485
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7605C31 push r10; ret 2_2_00007FF8A7605C33
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7607FFF push r12; ret 2_2_00007FF8A760804A
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7605CE5 push r8; ret 2_2_00007FF8A7605CEB
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7605CE0 push r10; retf 2_2_00007FF8A7605CE2
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7605CED push rdx; ret 2_2_00007FF8A7605CF7
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A760808B push r12; iretd 2_2_00007FF8A760809F
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7607F67 push rbp; iretq 2_2_00007FF8A7607F68
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7605F56 push r12; ret 2_2_00007FF8A7605F73
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7608F42 push rsp; iretq 2_2_00007FF8A7608F43
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7609327 push rsp; ret 2_2_00007FF8A7609328
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7605F01 push r12; ret 2_2_00007FF8A7605F10
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7605FB9 push r10; ret 2_2_00007FF8A7605FCC
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7605F7B push r8; ret 2_2_00007FF8A7605F83
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7605E67 push rdi; iretd 2_2_00007FF8A7605E69
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A760763E push rbp; retf 2_2_00007FF8A7607657
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7605E18 push rsp; ret 2_2_00007FF8A7605E1C
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A76082D8 push rdi; iretd 2_2_00007FF8A76082DA
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7605EB4 push rsp; iretd 2_2_00007FF8A7605EB5
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7607689 push r12; ret 2_2_00007FF8A76076CD
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7605D06 push r12; ret 2_2_00007FF8A7605D08
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7605DF7 push r10; retf 2_2_00007FF8A7605DFA
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7608DBF push rsp; retf 2_2_00007FF8A7608DC0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A8294541 push rcx; ret 2_2_00007FF8A8294542
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1
Source: initial sampleStatic PE information: section name: UPX0
Source: initial sampleStatic PE information: section name: UPX1

Persistence and Installation Behavior

barindex
Found pyInstaller with non standard icon
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: "C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe"
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_BLAKE2b.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ctr.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_cfb.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ecb.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_MD5.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_ed448.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_MD4.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ocb.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA1.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\libssl-3.dllJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_aes.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_BLAKE2s.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\select.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_arc2.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_RIPEMD160.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA512.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_curve448.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_cffi_backend.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_wmi.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_poly1305.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_cbc.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\libcrypto-3.dllJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_brotli.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ofb.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_aesni.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Util\_cpuid_c.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\libffi-8.dllJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_keccak.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA256.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_curve25519.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_MD2.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\python312.dllJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_ed25519.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Util\_strxor.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_ghash_portable.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\VCRUNTIME140.dllJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txtJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile created: C:\Users\user\AppData\Local\Temp\_MEI44642\wheel-0.43.0.dist-info\LICENSE.txtJump to behavior

Hooking and other Techniques for Hiding and Protection

barindex
Uses known network protocols on non-standard ports
Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 3000
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689C976C0 GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,GetProcAddress,GetLastError,0_2_00007FF689C976C0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\wbem\WMIC.exeProcess information set: NOOPENFILEERRORBOX
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeFile opened / queried: C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxService.exeJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_BLAKE2b.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_blowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ctr.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_chacha20.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Math\_modexp.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_ghash_clmul.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_cfb.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_MD5.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ecb.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_lzma.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_ed448.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Protocol\_scrypt.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_cast.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_des.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\pyexpat.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_MD4.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA384.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA1.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ocb.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\python3.dllJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_aes.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_BLAKE2s.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_eksblowfish.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\select.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_ctypes.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_Salsa20.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_ec_ws.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_arc2.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_socket.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_RIPEMD160.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA512.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA224.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_curve448.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_cffi_backend.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_queue.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_wmi.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_poly1305.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_overlapped.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_cbc.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_ssl.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_brotli.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_asyncio.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_ARC4.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ofb.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_hashlib.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_aesni.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Util\_cpuid_c.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\unicodedata.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_multiprocessing.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_des3.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_keccak.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA256.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_curve25519.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_MD2.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_decimal.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_pkcs1_decode.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\python312.dllJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_ed25519.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\charset_normalizer\md.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography\hazmat\bindings\_rust.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Util\_strxor.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_ghash_portable.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\_bz2.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\_MEI44642\charset_normalizer\md__mypyc.cp312-win_amd64.pydJump to dropped file
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_0-17561
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeAPI coverage: 5.3 %
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BIOS
Source: C:\Windows\System32\findstr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\findstr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\findstr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BIOS
Source: C:\Windows\System32\cmd.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT SerialNumber FROM Win32_BIOS
Source: C:\Windows\System32\findstr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\findstr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\findstr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem
Source: C:\Windows\System32\wbem\WMIC.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT UUID FROM Win32_ComputerSystemProduct
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Architecture FROM Win32_Processor
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT Manufacturer,Caption FROM Win32_Processor
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689C99280 FindFirstFileExW,FindClose,0_2_00007FF689C99280
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689C983C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,0_2_00007FF689C983C0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CB1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,0_2_00007FF689CB1874
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689C99280 FindFirstFileExW,FindClose,2_2_00007FF689C99280
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689C983C0 FindFirstFileW,RemoveDirectoryW,DeleteFileW,FindNextFileW,FindClose,RemoveDirectoryW,2_2_00007FF689C983C0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CB1874 _invalid_parameter_noinfo,FindFirstFileExW,FindNextFileW,FindClose,FindClose,2_2_00007FF689CB1874
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2062692373.0000022335558000.00000004.00000020.00020000.00000000.sdmp, cacert.pem.0.drBinary or memory string: j2aTPs+9xYa9+bG3tD60B8jzljHz7aRP+KNOjSkVWLjVb3/ubCK1sK9IRQq9qEmU
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926712895.0000024D2A4BC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: VMware
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926529226.0000024D29DC2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if os.path.exists("C:\\Program Files\\Oracle\\VirtualBox Guest Additions\\VBoxService.exe"):
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926529226.0000024D29DC2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: if "VMware" in output or "Virtual" in output:
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924634567.0000024D288A7000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926712895.0000024D2A4BC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: "VMware"
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926712895.0000024D2A478000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: {dC:\Program Files\Oracle\VirtualBox Guest Additions\VBoxService.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926712895.0000024D2A478000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: C:\Program Files\Oracle\VirtualBox Guest Additions\VBoxService.exe
Source: OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926712895.0000024D2A4BC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: fVMwarep
Source: cacert.pem.0.drBinary or memory string: zJVSk/BwJVmcIGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5dd
Source: C:\Windows\System32\wbem\WMIC.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CAA614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF689CAA614
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A8337200 EntryPoint,LoadLibraryA,GetProcAddress,VirtualProtect,VirtualProtect,VirtualProtect,2_2_00007FF8A8337200
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CB3480 GetProcessHeap,0_2_00007FF689CB3480
Source: C:\Windows\System32\tasklist.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\tasklist.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\tasklist.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689C9D30C SetUnhandledExceptionFilter,0_2_00007FF689C9D30C
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CAA614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF689CAA614
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689C9D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_00007FF689C9D12C
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689C9C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00007FF689C9C8A0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689C9D30C SetUnhandledExceptionFilter,2_2_00007FF689C9D30C
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689CAA614 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF689CAA614
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689C9D12C IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF689C9D12C
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF689C9C8A0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF689C9C8A0
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A7603068 IsProcessorFeaturePresent,00007FF8BA2419C0,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,00007FF8BA2419C0,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A7603068
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A8272135 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00007FF8A8272135
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A8271CBC SetUnhandledExceptionFilter,2_2_00007FF8A8271CBC
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 2_2_00007FF8A82EDA5C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_00007FF8A82EDA5C
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe "C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe"Jump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get serialnumberJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist | findstr process_explorer"Jump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist | findstr wireshark"Jump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic bios get serialnumberJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "wmic csproduct get UUID"Jump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeProcess created: C:\Windows\System32\cmd.exe C:\Windows\system32\cmd.exe /c "tasklist | findstr wireshark"Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklistJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr process_explorerJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklistJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr wiresharkJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklistJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\findstr.exe findstr ollydbgJump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\wbem\WMIC.exe wmic csproduct get UUIDJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CB9570 cpuid 0_2_00007FF689CB9570
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Util VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\certifi VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography-43.0.3.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography-43.0.3.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography-43.0.3.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography-43.0.3.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography-43.0.3.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography-43.0.3.dist-info\license_files VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\autocommand-2.2.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\autocommand-2.2.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\autocommand-2.2.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\autocommand-2.2.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\backports.tarfile-1.2.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\backports.tarfile-1.2.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\backports.tarfile-1.2.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_metadata-8.0.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_metadata-8.0.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_resources-6.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_resources-6.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_resources-6.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_resources-6.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_resources-6.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_resources-6.4.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\inflect-7.3.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\inflect-7.3.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\inflect-7.3.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\inflect-7.3.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\inflect-7.3.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.collections-5.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.collections-5.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.collections-5.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.collections-5.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.collections-5.1.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.context-5.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.context-5.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.functools-4.0.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.functools-4.0.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.functools-4.0.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.functools-4.0.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.text-3.12.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.text-3.12.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.text-3.12.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.text-3.12.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.text-3.12.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\more_itertools-10.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\packaging-24.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\packaging-24.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\packaging-24.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\packaging-24.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\platformdirs-4.2.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\platformdirs-4.2.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\tomli-2.0.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\tomli-2.0.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\tomli-2.0.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\tomli-2.0.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\tomli-2.0.1.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typeguard-4.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typeguard-4.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typeguard-4.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typeguard-4.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typeguard-4.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typing_extensions-4.12.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typing_extensions-4.12.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typing_extensions-4.12.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\wheel-0.43.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\zipp-3.19.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\zipp-3.19.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\zipp-3.19.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\zipp-3.19.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\zipp-3.19.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\zipp-3.19.2.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\typeguard-4.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\typeguard-4.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\typeguard-4.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\typeguard-4.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\typeguard-4.3.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\wheel-0.43.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\wheel-0.43.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\wheel-0.43.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\wheel-0.43.0.dist-info VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\_ctypes.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\_bz2.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\_lzma.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\_hashlib.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\_socket.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\pyexpat.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\_ssl.pyd VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco\text\Lorem ipsum.txt VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco\text\Lorem ipsum.txt VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\AppData\Local\Temp\_MEI44642 VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeQueries volume information: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689C9D010 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,0_2_00007FF689C9D010
Source: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exeCode function: 0_2_00007FF689CB5C00 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,0_2_00007FF689CB5C00

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid Accounts31
Windows Management Instrumentation		1
DLL Side-Loading		11
Process Injection		3
Virtualization/Sandbox Evasion		OS Credential Dumping2
System Time Discovery		Remote Services1
Archive Collected Data		12
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault Accounts2
Command and Scripting Interpreter		Boot or Logon Initialization Scripts1
DLL Side-Loading		11
Process Injection		LSASS Memory51
Security Software Discovery		Remote Desktop ProtocolData from Removable Media11
Non-Standard Port		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain Accounts2
Native API		Logon Script (Windows)Logon Script (Windows)1
Deobfuscate/Decode Files or Information		Security Account Manager3
Virtualization/Sandbox Evasion		SMB/Windows Admin SharesData from Network Shared Drive2
Non-Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook21
Obfuscated Files or Information		NTDS2
Process Discovery		Distributed Component Object ModelInput Capture3
Application Layer Protocol		Traffic DuplicationData Destruction
Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script11
Software Packing		LSA Secrets1
System Network Configuration Discovery		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
DLL Side-Loading		Cached Domain Credentials1
File and Directory Discovery		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup ItemsCompile After DeliveryDCSync43
System Information Discovery		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1555760 Sample: OBS-Studio-30.2.3-Windows-I... Startdate: 14/11/2024 Architecture: WINDOWS Score: 52 50 ipinfo.io 2->50 52 171.39.242.20.in-addr.arpa 2->52 58 Uses known network protocols on non-standard ports 2->58 60 Sigma detected: Rare Remote Thread Creation By Uncommon Source Image 2->60 9 OBS-Studio-30.2.3-Windows-Installer.exe 243 2->9         started        signatures3 process4 file5 42 C:\Users\user\AppData\...\unicodedata.pyd, PE32+ 9->42 dropped 44 C:\Users\user\AppData\Local\...\select.pyd, PE32+ 9->44 dropped 46 C:\Users\user\AppData\Local\...\python312.dll, PE32+ 9->46 dropped 48 67 other files (none is malicious) 9->48 dropped 62 Found pyInstaller with non standard icon 9->62 13 OBS-Studio-30.2.3-Windows-Installer.exe 9->13         started        signatures6 process7 dnsIp8 54 95.215.204.231, 3000, 49711 ON-LINE-DATAServerlocation-NetherlandsDrontenNL Ukraine 13->54 56 ipinfo.io 34.117.59.81, 443, 49709 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG United States 13->56 16 cmd.exe 1 13->16         started        18 cmd.exe 1 13->18         started        20 cmd.exe 1 13->20         started        22 3 other processes 13->22 process9 process10 24 conhost.exe 16->24         started        34 2 other processes 16->34 26 conhost.exe 18->26         started        36 2 other processes 18->36 28 conhost.exe 20->28         started        38 2 other processes 20->38 30 WMIC.exe 1 22->30         started        32 conhost.exe 22->32         started        40 2 other processes 22->40

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
OBS-Studio-30.2.3-Windows-Installer.exe11%ReversingLabs

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_ARC4.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_Salsa20.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_chacha20.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_pkcs1_decode.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_aes.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_aesni.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_arc2.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_blowfish.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_cast.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_cbc.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_cfb.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ctr.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_des.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_des3.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ecb.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_eksblowfish.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ocb.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ofb.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_BLAKE2b.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_BLAKE2s.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_MD2.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_MD4.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_MD5.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_RIPEMD160.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA1.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA224.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA256.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA384.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA512.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_ghash_clmul.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_ghash_portable.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_keccak.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_poly1305.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Math\_modexp.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Protocol\_scrypt.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_curve25519.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_curve448.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_ec_ws.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_ed25519.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_ed448.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Util\_cpuid_c.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Util\_strxor.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\VCRUNTIME140.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\_asyncio.pyd3%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\_brotli.cp312-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\_bz2.pyd3%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\_cffi_backend.cp312-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\_ctypes.pyd3%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\_decimal.pyd3%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\_hashlib.pyd3%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\_lzma.pyd3%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\_multiprocessing.pyd3%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\_overlapped.pyd3%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\_queue.pyd3%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\_socket.pyd3%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\_ssl.pyd3%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\_wmi.pyd3%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\charset_normalizer\md.cp312-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\charset_normalizer\md__mypyc.cp312-win_amd64.pyd0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography\hazmat\bindings\_rust.pyd5%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\libcrypto-3.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\libffi-8.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\libssl-3.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\pyexpat.pyd3%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\python3.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\python312.dll5%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\select.pyd3%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\autocommand-2.2.2.dist-info\METADATA0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\tomli-2.0.1.dist-info\METADATA0%ReversingLabs
C:\Users\user\AppData\Local\Temp\_MEI44642\unicodedata.pyd3%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
https://toml.io/en/v1.0.0).0%Avira URL Cloudsafe
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.split_into0%Avira URL Cloudsafe
https://packaging.pypa.io/0%Avira URL Cloudsafe
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.map_if0%Avira URL Cloudsafe
https://jaracotext.readthedocs.io/en/latest/?badge=latest0%Avira URL Cloudsafe
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.bucket0%Avira URL Cloudsafe
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.split_when0%Avira URL Cloudsafe
https://tidelift.com/subscription/pkg/pypi-jaraco.text?utm_source=pypi-jaraco.text&utm_medium=readme0%Avira URL Cloudsafe
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.sliding_window0%Avira URL Cloudsafe
https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.consume0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
ipinfo.io
34.117.59.81
truefalse
    		high
    171.39.242.20.in-addr.arpa
    		unknown
    		unknownfalse
      		high

      URLs from Memory and Binaries

      NameSourceMaliciousAntivirus DetectionReputation
      https://github.com/jaraco/keyring/commit/a85a7cbc6c909f8121660ed1f7b487f99a1c2bf7OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
        		high
        https://img.shields.io/pypi/pyversions/backports.tarfile.svgMETADATA14.0.drfalse
          		high
          https://github.com/python/typing_extensionsMETADATA7.0.drfalse
            		high
            https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.filter_exceptOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
              		high
              https://gitter.im/python/typingMETADATA7.0.drfalse
                		high
                https://setuptools.pypa.io/en/latest/references/keywords.html#keyword-namespace-packagesOBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924961685.0000024D28C90000.00000004.00001000.00020000.00000000.sdmpfalse
                  		high
                  https://readthedocs.org/projects/jaracofunctools/badge/?version=latestOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2080381294.000002233555D000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                    		high
                    http://crl.dhimyotis.com/certignarootca.crl0OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28EDE000.00000004.00000020.00020000.00000000.sdmpfalse
                      		high
                      https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.zip_broadcastOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                        		high
                        https://github.com/jaraco/jaraco.text/actions?query=workflow%3A%22tests%22OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA1.0.drfalse
                          		high
                          https://docs.python.org/3/library/importlib.html#module-importlib.resourcesOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2071378205.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA16.0.drfalse
                            		high
                            https://github.com/tensorflow/datasets/blob/master/tensorflow_datasets/core/utils/resource_utils.py#OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924116562.0000024D26C56000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmpfalse
                              		high
                              https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.random_productOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                		high
                                https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.groupby_transformOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                  		high
                                  https://importlib-metadata.readthedocs.io/METADATA15.0.drfalse
                                    		high
                                    https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.sliding_windowOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://docs.python.org/3.11/library/binascii.html#binascii.a2b_base64OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2106264302.0000024D28AE8000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2097485729.0000024D28BAE000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2105252245.0000024D28BC9000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2100591619.0000024D28BC9000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2095588374.0000024D28BAE000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2105152281.0000024D28BC4000.00000004.00000020.00020000.00000000.sdmpfalse
                                      		high
                                      https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.map_ifMETADATA2.0.drfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      https://github.com/pypa/packagingOBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925624451.0000024D292C0000.00000004.00001000.00020000.00000000.sdmp, METADATA3.0.drfalse
                                        		high
                                        http://www.opensource.org/licenses/mit-license.phpLICENSE10.0.dr, LICENSE6.0.drfalse
                                          		high
                                          https://blog.jaraco.com/skeletonOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2077794629.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2071378205.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069565648.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2080381294.000002233555D000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA14.0.dr, METADATA0.0.dr, METADATA15.0.dr, METADATA.0.dr, METADATA18.0.dr, METADATA16.0.dr, METADATA10.0.dr, METADATA17.0.dr, METADATA1.0.drfalse
                                            		high
                                            https://tools.ietf.org/html/rfc3610OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.all_uniqueOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                		high
                                                https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.partial_productOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                  		high
                                                  https://img.shields.io/pypi/pyversions/inflect.svgOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA17.0.drfalse
                                                    		high
                                                    https://github.com/jaraco/zipp/actions/workflows/main.yml/badge.svgMETADATA10.0.drfalse
                                                      		high
                                                      https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.map_exceptOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                        		high
                                                        https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.takewhile_inclusiveOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                          		high
                                                          https://tidelift.com/subscription/pkg/pypi-jaraco.text?utm_source=pypi-jaraco.text&utm_medium=readmeOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA1.0.drfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://docs.python.org/3/library/importlib.html#importlib.abc.ExecutionLoader.get_filenameOBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924431057.0000024D28540000.00000004.00001000.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.powersetOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                              		high
                                                              https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.zip_offsetOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                		high
                                                                https://urllib3.readthedocs.io/en/latest/advanced-usage.html#https-proxy-error-http-proxyOBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926096280.0000024D29930000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://github.com/python/typing_extensions/issuesMETADATA7.0.drfalse
                                                                    		high
                                                                    https://github.com/jaraco/jaraco.context/actions?query=workflow%3A%22tests%22OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                      		high
                                                                      https://pypi.org/project/build/).OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925936397.0000024D29700000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925785960.0000024D294E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://wwww.certigna.fr/autorites/0mOBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28EDE000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.pad_noneOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                            		high
                                                                            https://dev.to/martinheinz/tour-of-python-itertools-4122OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                              		high
                                                                              https://github.com/python/cpython/blob/839d7893943782ee803536a47f1d4de160314f85/Lib/importlib/readerOBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924116562.0000024D26C56000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://github.com/python/cpython/issues/86361.OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2096336611.0000024D28F18000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  https://tidelift.com/subscription/pkg/pypi-inflect?utm_source=pypi-inflect&utm_medium=readmeOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA17.0.drfalse
                                                                                    		high
                                                                                    https://img.shields.io/pypi/v/zipp.svgMETADATA10.0.drfalse
                                                                                      		high
                                                                                      https://github.com/pyca/cryptography/workflows/CI/badge.svg?branch=mainOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063103235.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA9.0.drfalse
                                                                                        		high
                                                                                        https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-fileOBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927610189.00007FF8A7AE1000.00000040.00000001.01000000.00000014.sdmpfalse
                                                                                          		high
                                                                                          https://docs.python.org/3/library/importlib.html#importlib.abc.Loader.exec_moduleOBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924553559.0000024D28780000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://docs.python.org/3/library/importlib.html#importlib.abc.MetaPathFinder.invalidate_cachesOBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924553559.0000024D28780000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://img.shields.io/pypi/v/inflect.svgOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA17.0.drfalse
                                                                                                		high
                                                                                                https://cryptography.io/en/latest/installation/OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063103235.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA9.0.drfalse
                                                                                                  		high
                                                                                                  https://docs.python.org/3.8/library/zipfile.html#path-objectsMETADATA10.0.drfalse
                                                                                                    		high
                                                                                                    https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.ncyclesOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                      		high
                                                                                                      https://readthedocs.org/projects/PROJECT_RTD/badge/?version=latestMETADATA10.0.drfalse
                                                                                                        		high
                                                                                                        https://github.com/pypa/setuptools/issues/417#issuecomment-392298401OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925785960.0000024D294E0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.consumeOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          https://toml.io/en/v1.0.0).METADATA5.0.drfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          https://jaracotext.readthedocs.io/en/latest/?badge=latestOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA1.0.drfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.split_whenOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.consumerOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                            		high
                                                                                                            http://www.cert.fnmt.es/dpcs/OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926364245.0000024D29CB0000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://github.com/toml-lang/compliance)METADATA5.0.drfalse
                                                                                                                		high
                                                                                                                https://github.com/hukkin/mdformat-toc)METADATA5.0.drfalse
                                                                                                                  		high
                                                                                                                  https://google.com/mailOBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925120882.0000024D28EDE000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D291F6000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3925454193.0000024D2916A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://img.shields.io/pypi/v/importlib_metadata.svgOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069565648.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA15.0.drfalse
                                                                                                                      		high
                                                                                                                      https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.nth_combination_with_replaceOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                                        		high
                                                                                                                        https://github.com/jaraco/backports.tarfile/actions/workflows/main.yml/badge.svgMETADATA14.0.drfalse
                                                                                                                          		high
                                                                                                                          https://github.com/pyca/cryptography/issuesMETADATA9.0.drfalse
                                                                                                                            		high
                                                                                                                            https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.intersperseOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                                              		high
                                                                                                                              https://readthedocs.org/projects/inflect/badge/?version=latestOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA17.0.drfalse
                                                                                                                                		high
                                                                                                                                http://html4/loose.dtdOBS-Studio-30.2.3-Windows-Installer.exe, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.collapseOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                                                    		high
                                                                                                                                    https://tools.ietf.org/html/rfc7231#section-4.3.6)OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2106264302.0000024D28AE8000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28A80000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2107336703.0000024D29045000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2107336703.0000024D2906B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.oneOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                                                        		high
                                                                                                                                        https://pypi.org/project/jaraco.textOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2081543552.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA1.0.drfalse
                                                                                                                                          		high
                                                                                                                                          https://docs.python.org/3/library/importlib.html#importlib.abc.PathEntryFinder.find_specOBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924431057.0000024D285BC000.00000004.00001000.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://github.com/urllib3/urllib3/issues/2920OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3926176043.0000024D29B30000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://packaging.pypa.io/METADATA3.0.drfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              		unknown
                                                                                                                                              https://docs.python.org/3/library/importlib.html#importlib.abc.ResourceLoader.get_dataOBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924116562.0000024D26C56000.00000004.00000020.00020000.00000000.sdmp, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000003.2088808887.0000024D2888E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://github.com/jaraco/jaraco.functools/actions?query=workflow%3A%22tests%22OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2080381294.000002233555D000.00000004.00000020.00020000.00000000.sdmp, METADATA0.0.drfalse
                                                                                                                                                  		high
                                                                                                                                                  https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.countableOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                                                                    		high
                                                                                                                                                    https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.matmulOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                                                                      		high
                                                                                                                                                      https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.prependOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                                                                        		high
                                                                                                                                                        https://github.com/python/importlib_metadata/actions?query=workflow%3A%22tests%22OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2069565648.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA15.0.drfalse
                                                                                                                                                          		high
                                                                                                                                                          https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.product_indexOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                                                                            		high
                                                                                                                                                            https://github.com/hukkin/tomliMETADATA5.0.drfalse
                                                                                                                                                              		high
                                                                                                                                                              https://badges.gitter.im/python/typing.svg)METADATA7.0.drfalse
                                                                                                                                                                		high
                                                                                                                                                                https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.set_partitionsOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                                                                                  		high
                                                                                                                                                                  http://www.quovadisglobal.com/cps0OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3924806383.0000024D28C66000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.onlyOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://cryptography.io/en/latest/changelog/OBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063103235.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA9.0.drfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.bucketOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                        		unknown
                                                                                                                                                                        https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.distinct_permutationsOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://github.com/pyca/cryptography/issues/9253OBS-Studio-30.2.3-Windows-Installer.exe, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927610189.00007FF8A7AE1000.00000040.00000001.01000000.00000014.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://mail.python.org/mailman/listinfo/cryptography-devOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2063103235.0000022335558000.00000004.00000020.00020000.00000000.sdmp, METADATA9.0.drfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.split_intoOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                                              		unknown
                                                                                                                                                                              https://pypi.org/project/zippMETADATA10.0.drfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://github.com/jaraco/inflect/actions/workflows/main.yml/badge.svgOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2075984219.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA17.0.drfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://more-itertools.readthedocs.io/en/stable/api.html#more_itertools.nth_combinationOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://readthedocs.org/projects/jaracocontext/badge/?version=latestOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2079653233.000002233555A000.00000004.00000020.00020000.00000000.sdmp, METADATA.0.drfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://readthedocs.org/projects/more-itertools/badge/?version=latestOBS-Studio-30.2.3-Windows-Installer.exe, 00000000.00000003.2082423542.0000022335561000.00000004.00000020.00020000.00000000.sdmp, METADATA2.0.drfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://.jpgOBS-Studio-30.2.3-Windows-Installer.exe, OBS-Studio-30.2.3-Windows-Installer.exe, 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpfalse
                                                                                                                                                                                          		high

                                                                                                                                                                                          World Map of Contacted IPs

                                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                                          • 75% < No. of IPs

                                                                                                                                                                                          Public IPs

                                                                                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                          95.215.204.231
                                                                                                                                                                                          		unknownUkraine
                                                                                                                                                                                          		204601ON-LINE-DATAServerlocation-NetherlandsDrontenNLfalse
                                                                                                                                                                                          34.117.59.81
                                                                                                                                                                                          		ipinfo.ioUnited States
                                                                                                                                                                                          		139070GOOGLE-AS-APGoogleAsiaPacificPteLtdSGfalse

                                                                                                                                                                                          General Information

                                                                                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                          Analysis ID:1555760
                                                                                                                                                                                          Start date and time:2024-11-14 12:32:13 +01:00
                                                                                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                                                                                          Overall analysis duration:0h 10m 9s
                                                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                                                          Report type:full
                                                                                                                                                                                          Cookbook file name:default.jbs
                                                                                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                          Run name:Run with higher sleep bypass
                                                                                                                                                                                          Number of analysed new started processes analysed:24
                                                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                                                                          Technologies:
                                                                                                                                                                                          • HCA enabled
                                                                                                                                                                                          • EGA enabled
                                                                                                                                                                                          • AMSI enabled
                                                                                                                                                                                          Analysis Mode:default
                                                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                                                          Sample name:OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          Detection:MAL
                                                                                                                                                                                          Classification:mal52.troj.evad.winEXE@34/191@2/2
                                                                                                                                                                                          EGA Information:
                                                                                                                                                                                          • Successful, ratio: 100%
                                                                                                                                                                                          HCA Information:
                                                                                                                                                                                          • Successful, ratio: 85%
                                                                                                                                                                                          • Number of executed functions: 65
                                                                                                                                                                                          • Number of non-executed functions: 154
                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                          • Found application associated with file extension: .exe
                                                                                                                                                                                          • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                                                                                                                                                                                          • Sleep loops longer than 100000000ms are bypassed. Single calls with delay of 100000000ms and higher are ignored

                                                                                                                                                                                          Warnings

                                                                                                                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                                                                                                                          • Excluded IPs from analysis (whitelisted): 20.109.210.53, 2.22.50.131, 2.22.50.144, 13.95.31.18, 20.242.39.171, 4.175.87.197, 52.149.20.212
                                                                                                                                                                                          • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, ocsp.digicert.com, ocsps.ssl.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
                                                                                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                          • Report size getting too big, too many NtQueryVolumeInformationFile calls found.
                                                                                                                                                                                          • VT rate limit hit for: OBS-Studio-30.2.3-Windows-Installer.exe

                                                                                                                                                                                          Simulations

                                                                                                                                                                                          Behavior and APIs

                                                                                                                                                                                          No simulations

                                                                                                                                                                                          Joe Sandbox View / Context

                                                                                                                                                                                          IPs

                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                          34.117.59.81FormulariomillasbonusLATAM_GsqrekXCVBmUf.cmdGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • ipinfo.io/json
                                                                                                                                                                                          172.104.150.66.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • ipinfo.io/json
                                                                                                                                                                                          VertusinstruccionesFedEX_66521.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • ipinfo.io/json
                                                                                                                                                                                          UjbjOP.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • ipinfo.io/json
                                                                                                                                                                                          I9xuKI2p2B.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • ipinfo.io/json
                                                                                                                                                                                          licarisan_api.exeGet hashmaliciousIcarusBrowse
                                                                                                                                                                                          • ipinfo.io/ip
                                                                                                                                                                                          build.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • ipinfo.io/ip
                                                                                                                                                                                          YjcgpfVBcm.batGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • ipinfo.io/json
                                                                                                                                                                                          lePDF.cmdGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • ipinfo.io/json
                                                                                                                                                                                          6Mpsoq1.php.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • ipinfo.io/json

                                                                                                                                                                                          Domains

                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                          ipinfo.iohttps://www.bing.com/ck/a?!&&p=35f7ac11749086c457664a8010a84bc638d369283c719578d3701e6e769d80e3JmltdHM9MTczMDg1MTIwMA&ptn=3&ver=2&hsh=4&fclid=33680f6e-3a94-6c3f-27a6-1a423bb96ddc&psq=site%3Ahttps%3A%2F%2FChiefOfStaff.site&u=a1aHR0cHM6Ly93d3cuY2hpZWZvZnN0YWZmLnNpdGUvd2hhdC1hcmUtdGhlLWtleS1wcmluY2lwbGVzLW9mLW9wZXJhdGlvbnMtbWFuYWdlbWVudA#taehwan.lee@hdel.co.krGet hashmaliciousOutlook Phishing, HTMLPhisherBrowse
                                                                                                                                                                                          • 34.117.59.81
                                                                                                                                                                                          https://www.google.com/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=rqjkphmdlmFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Ftao.bb/RTupG#dGFla3l1LmtpbUBoeXVuZGFpZWxldmF0b3IuY29tGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 34.117.59.81
                                                                                                                                                                                          Sara.exe.bin.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 34.117.59.81
                                                                                                                                                                                          Sara.exe.bin.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 34.117.59.81
                                                                                                                                                                                          https://www.google.co.th/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=xqrhyulnFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Ftao.bb/9lotF#c2ouY2hvaTFAaGRlbC5jby5rcg==Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 34.117.59.81
                                                                                                                                                                                          List Furniture.batGet hashmaliciousPython Stealer, BraodoBrowse
                                                                                                                                                                                          • 34.117.59.81
                                                                                                                                                                                          BB.batGet hashmaliciousBraodoBrowse
                                                                                                                                                                                          • 34.117.59.81
                                                                                                                                                                                          https://E.vg/FoedcaVhTGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 34.117.59.81
                                                                                                                                                                                          https://load.contbot.com.br/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 34.117.59.81
                                                                                                                                                                                          SecuriteInfo.com.Trojan.Siggen29.64132.8972.20040.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 34.117.59.81

                                                                                                                                                                                          ASNs

                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                          ON-LINE-DATAServerlocation-NetherlandsDrontenNL5yTEUojIn0.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                          • 77.83.175.91
                                                                                                                                                                                          DihoyYp8ie.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                          • 45.88.76.207
                                                                                                                                                                                          Vl9Yz1UB1a.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                          • 77.83.175.91
                                                                                                                                                                                          PtGMWtcZF0.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                          • 77.83.175.91
                                                                                                                                                                                          yjNy22UmmY.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                          • 77.83.175.91
                                                                                                                                                                                          g8Z5OO8o6p.exeGet hashmaliciousStealc, VidarBrowse
                                                                                                                                                                                          • 77.83.175.91
                                                                                                                                                                                          pUxjpMo3jy.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                          • 77.220.212.32
                                                                                                                                                                                          hmCj47OtqK.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                          • 77.220.212.32
                                                                                                                                                                                          G5SNsomm2h.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                          • 77.220.212.32
                                                                                                                                                                                          uXLmpbLJnV.exeGet hashmaliciousStealcBrowse
                                                                                                                                                                                          • 77.220.212.32
                                                                                                                                                                                          GOOGLE-AS-APGoogleAsiaPacificPteLtdSGbotnet.x86.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                          • 34.66.215.38
                                                                                                                                                                                          PDFXVwer.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 34.117.224.112
                                                                                                                                                                                          file.exeGet hashmaliciousAmadey, Credential Flusher, StealcBrowse
                                                                                                                                                                                          • 34.117.188.166
                                                                                                                                                                                          https://protect-us.mimecast.com/s/18vfCQWNWqS1V8BlCPhEHGoqRRGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 34.117.162.98
                                                                                                                                                                                          https://www.bing.com/ck/a?!&&p=35f7ac11749086c457664a8010a84bc638d369283c719578d3701e6e769d80e3JmltdHM9MTczMDg1MTIwMA&ptn=3&ver=2&hsh=4&fclid=33680f6e-3a94-6c3f-27a6-1a423bb96ddc&psq=site%3Ahttps%3A%2F%2FChiefOfStaff.site&u=a1aHR0cHM6Ly93d3cuY2hpZWZvZnN0YWZmLnNpdGUvd2hhdC1hcmUtdGhlLWtleS1wcmluY2lwbGVzLW9mLW9wZXJhdGlvbnMtbWFuYWdlbWVudA#taehwan.lee@hdel.co.krGet hashmaliciousOutlook Phishing, HTMLPhisherBrowse
                                                                                                                                                                                          • 34.117.59.81
                                                                                                                                                                                          http://swctch.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 34.117.77.79
                                                                                                                                                                                          https://www.google.com/url?q=jODz3y3HOSozuuQiApLh&rct=5CHARyytTPSJ3J3wDcT&sa=t&esrc=rqjkphmdlmFgECA0xys8Em2FL&source=&cd=HXUursu8uEcr4eTiw9XH&cad=XpPkDfJ6CHARlDJVS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Ftao.bb/RTupG#dGFla3l1LmtpbUBoeXVuZGFpZWxldmF0b3IuY29tGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                          • 34.117.59.81
                                                                                                                                                                                          Sara.exe.bin.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 34.117.59.81
                                                                                                                                                                                          Sara.exe.bin.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          • 34.117.59.81
                                                                                                                                                                                          g8mWOXwcID.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                          • 34.117.188.166

                                                                                                                                                                                          JA3 Fingerprints

                                                                                                                                                                                          No context

                                                                                                                                                                                          Dropped Files

                                                                                                                                                                                          No context

                                                                                                                                                                                          Created / dropped Files

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_ARC4.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):9728
                                                                                                                                                                                          Entropy (8bit):6.721315996050753
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:d72Y51IktHYsaMiUBskpKf/otjOKZ7kYBbPJBj34lVhXg246ae7sXtpHqrd3ejL3:dz51IkJYevIfKJZ7kYj273QJXpHk
                                                                                                                                                                                          MD5:2C3D55E57EEA6B6E4A4BE649FD1069F9
                                                                                                                                                                                          SHA1:C938D6517AC0A3AA9C47B6F301D04C11AF8A6C6E
                                                                                                                                                                                          SHA-256:744C676D333163AD81D24B266E5133611C584F5A580C5082701D3FD6A8D201FD
                                                                                                                                                                                          SHA-512:4EAC0018F6F983BB37975EB56E514AE3CDBA8DCF1DC9F955F81731EBA25F2A545A16D9E81F335CDC5EC17F752346B71B5698BB53A0D58CCAB93F3D191E225D26
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^J.6?$.6?$.6?$.?G..2?$.dJ%.4?$.}G%.5?$.6?%..?$.dJ!.<?$.dJ .>?$.dJ'.5?$..J,.7?$..J$.7?$..J..7?$..J&.7?$.Rich6?$.........................PE..d...Y..f.........." ..... .......p........................................................`.........................................L..........\............@.........................................................8...........................................UPX0.....p..............................UPX1..... ..........................@....rsrc................"..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_Salsa20.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10752
                                                                                                                                                                                          Entropy (8bit):7.041585504283436
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:tLbomJb7eLg42ufSAky4s3YeQ807tu/kbBkYj273QJXbnV/9K:BtqICvor/bBZa7gJXxl
                                                                                                                                                                                          MD5:BB7724B47B6C1F3B0CFB0AB6848A9FC8
                                                                                                                                                                                          SHA1:5A39391C4FA51ECE3E53ECC415E47C918FF970CF
                                                                                                                                                                                          SHA-256:6CAB5277B070D1F420E90CCB80F97EA558BCE8EFF43768A6C0B818EF0E778501
                                                                                                                                                                                          SHA-512:55AC24A7581BD80DBA7D86D04B90A42B54DBFAB51D1C2476811F247515FC410A4DA4775305711C576636B677B503F2F94C96469DF94647F5217832E7934DD5F0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.:...:...:...3.j.>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...........................PE..d...Z..f.........." .....0.......p........................................................`.........................................L..........\............P..L.......................................................8...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_chacha20.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10752
                                                                                                                                                                                          Entropy (8bit):7.039259241149234
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:hCbomJb7MQtHa66PQrMd4E+KkYj273QJXhnFvk7G9lk:Et46a6yGKZa7gJXvs7G9
                                                                                                                                                                                          MD5:E6D25BE0BCC8093F9E79D9042B7B427F
                                                                                                                                                                                          SHA1:6F0D62061A017A71DB7CA64F2F23BC0C659B3C9C
                                                                                                                                                                                          SHA-256:CE9B0D915101455F3D1D15B0E28F23AF69EBD34F050D43DA8F7C2CEABFD92C76
                                                                                                                                                                                          SHA-512:0E55928F51187A590A318FBBBB699E8FB4BE364188177A397800E952A87D6817BD4393BF06A7E2CB8F991DD1004C675AE4738B74E8ED4FE594F82BDFD09E52C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.:...:...:...3.j.>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...........................PE..d...Z..f.........." .....0.......p..p.....................................................`.........................................L..........\............P..d...................................................p...8...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_pkcs1_decode.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10752
                                                                                                                                                                                          Entropy (8bit):7.0019849554229
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:rKC1XDqrH2n4sOK4niou4uiCQxU4kYj273QJXQnII:rTqrymK45oipxU4Za7gJX/
                                                                                                                                                                                          MD5:FD2D370103167D927EEBA5FF9573430D
                                                                                                                                                                                          SHA1:420215D7D9F474797402987431A487AC40EC6F8A
                                                                                                                                                                                          SHA-256:FED9DE86E007141EC486E420059E3D841752EA0C7D452056735D11E7C4B16700
                                                                                                                                                                                          SHA-512:1894324A905D40C11AF3285F043CC655BC4CDBFE8F62BB8234199910748FD2DE10AD75369259CDFCE9521D11AF585C009D2B046ED22D778EAB04092EE513C8DD
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^:.6?T.6?T.6?T.?G..2?T.dJU.4?T.}GU.5?T.6?U..?T.dJQ.<?T.dJP.>?T.dJW.5?T..J\.7?T..JT.7?T..J..7?T..JV.7?T.Rich6?T.........................PE..d...X..f.........." .....0.......p..P.....................................................`.........................................L..........\............P..(..................................................P...8...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_aes.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):17920
                                                                                                                                                                                          Entropy (8bit):7.44538276790286
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:dSfcMEwreSc6PXpaxRH1c9+z0QBuR1C+u/s6ficwcHuANwM5mqzukYj273QJXxwK:QfNEwreK8tSUDubR9UHuo5qZa7gJXKK
                                                                                                                                                                                          MD5:7FCE96038B14661B6FACBE02D714C219
                                                                                                                                                                                          SHA1:388809935844936CB874F21630A44A6DC2C23FB8
                                                                                                                                                                                          SHA-256:8E2CEF1B7744A3AFAA06E300E6332EDAE9EB8641A6E37687A3A96A1F15C7E1A5
                                                                                                                                                                                          SHA-512:0536CD949E25E733A042D23B731B1FB3E80DC1FB42CDCD9EEFEC8109CB8B7190D574A0D93EE654215E7EBE11ABC6ABE42139BD1C93A2F4F628BF2FAA4715AA8D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^J.6?$.6?$.6?$.?G..2?$.dJ%.4?$.}G%.5?$.6?%..?$.dJ!.<?$.dJ .>?$.dJ'.5?$..J,.7?$..J$.7?$..J..7?$..J&.7?$.Rich6?$.........................PE..d...V..f.........." .....@..........P........................................ ............`.........................................L...........\...................................................................P...8...........................................UPX0....................................UPX1.....@.......>..................@....rsrc................B..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_aesni.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):11264
                                                                                                                                                                                          Entropy (8bit):7.10750060735988
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:qA1KyAngDiTMsaxwpQSkKtqH59DzIre69y6ESPIFF2GWTkYj273QJXlEnPVW:MyA8Enayu6oZzIz9y6EI2FhWTZa7gJX6
                                                                                                                                                                                          MD5:75DEE2AE97414A67497CB13A7E4CB455
                                                                                                                                                                                          SHA1:1EBE78A17602BF598469C6A31D0F8F325D9049F0
                                                                                                                                                                                          SHA-256:29B61F0670BA8AF9FF037CAF76196F823CA6C27D7B2DF1BFF80DFF9E8B30AC5E
                                                                                                                                                                                          SHA-512:B6A113A738148CD2F3B10F5184A7AD8ABBBD54E5A125F86C92AB9FFBC45180D579EF5DCEF1B405602BA23DA4EA5F5BADB650FB7E6BDF64DC898ED5FD8CF18AA0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.:...:...:...3.z.>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...........................PE..d...V..f.........." .....0.......p........................................................`.........................................L..........\............P.........................................................8...........................................UPX0.....p..............................UPX1.....0.......$..................@....rsrc................(..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_arc2.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                          Entropy (8bit):7.098444004640404
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:lHRdBLsPZK1vko/1NzFXHDLAN4RzV/uKOJukYj273QJXWH5A:lHxsivPTzF3DLNPu/JuZa7gJX0A
                                                                                                                                                                                          MD5:DD09C764BC8FCDDF8F8FA092EADB070D
                                                                                                                                                                                          SHA1:0ACDB5D9325E1EEF56ED4D6F75F121F1019DE49F
                                                                                                                                                                                          SHA-256:F0333175C8B5AAA48D0C68ED1030A1F1F49209F77407850F90D3526B4BDDE662
                                                                                                                                                                                          SHA-512:AC0CBF58DBD4636152B0D27D4E72060EFDE24A1FC23648108DFE21C27E41EB1374A45D411B3AC91A428BC0775EC66357DB03BDF73C85C1800AB827E56F4B0D23
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...W..f.........." .....0...............................................................`.........................................L...........\............`.........................................................8...........................................UPX0....................................UPX1.....0.......(..................@....rsrc................,..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_blowfish.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):15360
                                                                                                                                                                                          Entropy (8bit):7.366658234710816
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:JcwvnyaqcefIn88uRQ/dIVrrnFqrFCJZZoXfXTkYj273QJXtnbR:JzfvuRKIdi6ZZo/TZa7gJXlR
                                                                                                                                                                                          MD5:50FB3B6DFC6A1B6DE592B659A9C28919
                                                                                                                                                                                          SHA1:BEABF5C7F1F70E852FDCEAF3355EDDB84CB7E3F6
                                                                                                                                                                                          SHA-256:BE0FB3C7C36C10F62B163979682FBE8215411C97D4E6AB76A33032B687660341
                                                                                                                                                                                          SHA-512:D9795DD1B0AAFADA0C6D0F573B193AAAB5BCCC052A66ED49C26AF112F6A7D58D95E8D8AB79172D055249CC1825E5BBDA8D459F9783FC15A140D60D7E251F1E2C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...W..f.........." .....@................................................................`.........................................L...........\............p..........................................................8...........................................UPX0....................................UPX1.....@.......4..................@....rsrc................8..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_cast.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                          Entropy (8bit):7.555212764163484
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:Q9OoXmDJJfsg/XTsJaMEgotWVKOVBVvHQ5X5y35Za7gJX0p:zoXqnVXTs/r95VBVf+XUpkp
                                                                                                                                                                                          MD5:573233E4FBF0FA3DB814355658D02152
                                                                                                                                                                                          SHA1:D9AA00FAD89D13D33BDCBF0064EF539F74F901ED
                                                                                                                                                                                          SHA-256:744A5A729D6D5D59E255F01E8132E255D9526D30880DF953F7C10F88F88484B4
                                                                                                                                                                                          SHA-512:1046716B1E78AA162FA51E8E6C498E63DF08BC63A226B5D87CB5B0F8116114277723FAD8BE8A3C1D1FD91EF6F09A112E00DB1FAEB7E108D51DA31256810CD315
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.:...:...:...3.j.>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...........................PE..d...W..f.........." .....P................................................................`.........................................L...........\.......................................................................8...........................................UPX0....................................UPX1.....P.......H..................@....rsrc................L..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_cbc.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                          Entropy (8bit):6.764641078478404
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:frOwIMFi0ZIPRKLZm2HIKI7FAqjkYj273QJX93qz:frKMFiFKLZzHILPjZa7gJXA
                                                                                                                                                                                          MD5:0AC9D452043A7FEBF5E6E6475AECE8E3
                                                                                                                                                                                          SHA1:3854D5B4D9C17F22D4D079E15E25FC6B67E5D007
                                                                                                                                                                                          SHA-256:E0E499CDC6AA3DA978EF259185874773BFE5D57DE62B65FC6BD1025291A50012
                                                                                                                                                                                          SHA-512:C2580353FACD614773BD220C2BAADC77E614C41905EC785E1ED0BCE6B06146EC45A09CACFFA05E6187E184F642186DA64A93B195329455E94157ECE34ED68C0C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...X..f.........." ..... .......p..@.....................................................`.........................................L..........\............P..X...................................................@...8...........................................UPX0.....p..............................UPX1..... ....... ..................@....rsrc................$..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_cfb.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10752
                                                                                                                                                                                          Entropy (8bit):6.915975887591388
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:kSoS3cBJuphELbARkRzWJ9v07xyhAEkgDkYj273QJXXnYvo:5i/ACRzcvW2AENDZa7gJXA
                                                                                                                                                                                          MD5:2C7FAEEC165C5485951EEACF21A2BF94
                                                                                                                                                                                          SHA1:118FC5036890C59C78F5A96519B20EE723A07E97
                                                                                                                                                                                          SHA-256:3A5AB5C020DA800C8EA4E7D75C27C83C42B449B33993728B22E308AC2779FAA6
                                                                                                                                                                                          SHA-512:2ACF66AD52295EA62B80018EDCB4997187A992BBF01CDC5D54D4796C2289A2C967D00861BB0BD903DE714808F1BF44EE65B39078AB89C673F8A73FD84F82AB3C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^..6?..6?..6?..?G..2?..dJ..4?..}G..5?..6?...?..dJ..<?..dJ..>?..dJ..5?...J..7?...J..7?...Jk.7?...J..7?..Rich6?..................PE..d...Y..f.........." .....0.......p........................................................`.........................................L..........\............P..d.......................................................8...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ctr.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):11264
                                                                                                                                                                                          Entropy (8bit):6.90005278335116
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:vFKPs19OtUVkzxt8b3jKdr7LxHZkYj273QJX1nGf:vAo9OtPGbGd3VHZZa7gJXU
                                                                                                                                                                                          MD5:BCE5672E2D78D26EF52073FFA956F2EE
                                                                                                                                                                                          SHA1:1FA18E661C39A55B4AA4C08C52A53F9259EB91D3
                                                                                                                                                                                          SHA-256:DAC8E5B99A57F689C1BD5A24C5C58CB99569EEA0C5B9BC16856B3B59D98A6732
                                                                                                                                                                                          SHA-512:D66AB52AB067443097CC386E4F9D9A056DA391766E70E7C6BD50EC9161B652E5B10669CA7BEFB0C32C78CD3F79B1B12FEEFECE264CBCC95A53DDFFD09276E330
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^z.6?..6?..6?..?G..2?..dJ..4?..}G..5?..6?...?..dJ..<?..dJ..>?..dJ..5?...J..7?...J..7?...J..7?...J..7?..Rich6?..........................PE..d...Y..f.........." .....0.......p.. .....................................................`.........................................L..........\............P...................................................... ...8...........................................UPX0.....p..............................UPX1.....0.......$..................@....rsrc................(..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_des.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):17408
                                                                                                                                                                                          Entropy (8bit):7.452747043036153
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:PXqmPF0yHaseAZ2OC4uCDeR0IjhP0G2yZa7gJXQ:PXPajsw41Gjj20pg
                                                                                                                                                                                          MD5:00FC3F2144FF56678607748101C7F1E2
                                                                                                                                                                                          SHA1:1301656C0E8446CFF423FA557A7078FF304C31B5
                                                                                                                                                                                          SHA-256:F0B4E1207867CBD686F9233D69011DD007CF3C939715E46C4D3A600AD506A3C0
                                                                                                                                                                                          SHA-512:D12C65473957CAEC8890CEA77CF3F2B8E9D7768418A3A3218B65B1DFBECD9EA12124E1062E5500112EE323F1200AC41A0E9B9DF3451F7AE40C8BA91372956D67
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........PK..1%..1%..1%..I...1%.D$..1%.I$..1%..1$..1%.D ..1%.D!..1%.D&..1%..D-..1%..D%..1%..D...1%..D'..1%.Rich.1%.........................PE..d...X..f.........." .....@...........M... ...................................p............`.........................................Lb.......`..\....`..........l............b.......................................Y..8...........................................UPX0....................................UPX1.....@... ...<..................@....rsrc........`.......@..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_des3.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):17408
                                                                                                                                                                                          Entropy (8bit):7.527632457434857
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:rXqvtGBvrj1exl5PSYSI5SFDzgN4LZa7gJXn:ry0BTMgYFAFD8CpX
                                                                                                                                                                                          MD5:068E483215972613E4EBD09E98D946A2
                                                                                                                                                                                          SHA1:8D9AAA7407C997B6C7AEC847DF2DE08B1FE0056A
                                                                                                                                                                                          SHA-256:A6986EE5D6C5EB6B564175DF0D6D47CD18E642C7F5AF9C93EBF5B4E4F98991D1
                                                                                                                                                                                          SHA-512:4EEAEA8A75F92850F70A4051FC0387EED65BAA8BC4AB0488CA54B70338FC6D0DA3DFE42028BDD3657C03C01AAD256C6A86D88109F945C8BBAC768752CD0C2D9E
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........PK..1%..1%..1%..I...1%.D$..1%.I$..1%..1$..1%.D ..1%.D!..1%.D&..1%..D-..1%..D%..1%..D...1%..D'..1%.Rich.1%.........................PE..d...X..f.........." .....@...........N... ...................................p............`.........................................Lb.......`..\....`.......................b.......................................Z..8...........................................UPX0....................................UPX1.....@... ...<..................@....rsrc........`.......@..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ecb.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):9216
                                                                                                                                                                                          Entropy (8bit):6.747246956175954
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:w51jwkl3nSW/ZHd8M/Y6tkYj273QJXpHz:w5CkwWtSMA6tZa7gJXZ
                                                                                                                                                                                          MD5:70D8E6DD3124AB7FE5D7F23F0A0E774A
                                                                                                                                                                                          SHA1:6AF7FC8D3867F4A3BFF72A7D4346B2D4AB3FD9E9
                                                                                                                                                                                          SHA-256:8A98084750A04005AD051C234CF0E1C42219FE04B4DCAF0F83D9B475170BDD4F
                                                                                                                                                                                          SHA-512:8C5B3E4C5875AB6BA436455D11D6BEB75113661AEECBFEB94F4AFDDA5B2BCF7FF87C3C91A0B75CEFAC65F1262848221225EBF36753A271DDB0418353D5F8E798
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........@................../....../...../......+.......*......-......&....................,....Rich...........................PE..d...X..f.........." ..... .......p........................................................`.................................................................@..........................................................8...........................................UPX0.....p..............................UPX1..... ..........................@....rsrc................ ..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_eksblowfish.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):15872
                                                                                                                                                                                          Entropy (8bit):7.38810398376641
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:6zW51OWrPlPXRWkplBxnEgTa+Za7gJXaf:6zW51O4lPBJpTLTLpq
                                                                                                                                                                                          MD5:EFB8BED8E7491FC9883D48ADC5D76BBF
                                                                                                                                                                                          SHA1:25812983173F9DCC0433CF4D6491D031A8F79C61
                                                                                                                                                                                          SHA-256:17E8532C25E805F54E262CF9FF6ED319F47CE14F4CBEA8A2EA73D754A93EA048
                                                                                                                                                                                          SHA-512:CC550C2991543390E10CEB9BA0C336B9826443D0D4E9FFE9E70D58D83BE974F63C673B7A9F7AB0E880A85DD9F728B50FBBB5FBA80F10567A926C93F30552FC41
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...W..f.........." .....@...............................................................`.........................................L...........\............p..........................................................8...........................................UPX0....................................UPX1.....@.......6..................@....rsrc................:..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ocb.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):11776
                                                                                                                                                                                          Entropy (8bit):6.95443292187247
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:c3LNqWu7xr5InY8MmVO+AHO4dgOSeWNkYj273QJXRHPnX:6vuZ/3xHO4dxSeIZa7gJX1X
                                                                                                                                                                                          MD5:EEFBC381AE6016973E31C217B6D758B0
                                                                                                                                                                                          SHA1:B165774E0769313E8A6D45A1902E45E132922216
                                                                                                                                                                                          SHA-256:184059ED9AD6799279F0817A4D648FF1CDA38C81257E87FFCE2751FF678758E9
                                                                                                                                                                                          SHA-512:7274E22ED75C5B5F9D1D8598C3798337F7EF2E59E33781CA9F1CD2082CF0049B1CF0913E8F7CEB1171CD2E126A6485C465C895F13293A5ABD0AE83D1AB9AB071
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...Y..f.........." .....0...............................................................`.........................................L...........\............`..............H..........................................8...........................................UPX0....................................UPX1.....0.......&..................@....rsrc................*..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Cipher\_raw_ofb.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                          Entropy (8bit):6.708259135829596
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:8rOwIMFi0ZIPRK4EtpwEHW8hVkYj273QJXD3pT:8rKMFiFK4KL28hVZa7gJXV
                                                                                                                                                                                          MD5:0A79C221757B55CAE16EA338D7654471
                                                                                                                                                                                          SHA1:FB92B8A30F8FF8660E9C27856D3E8807BBE7CB12
                                                                                                                                                                                          SHA-256:9B863433A00515B060B379AB481D2DEE787A491E1EE29AF959DAE525002613DC
                                                                                                                                                                                          SHA-512:43325FF05B33389966AEB9A1B426442BFB4452A3DEC239D0B22EF063F92445893B7B822C69ED10B95C0D0F72E47632F1AB3884BE16604BD767AB735B469F4D85
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...Y..f.........." ..... .......p........................................................`.........................................L..........\............P..X.......................................................8...........................................UPX0.....p..............................UPX1..... ....... ..................@....rsrc................$..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_BLAKE2b.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):11264
                                                                                                                                                                                          Entropy (8bit):7.069717543323313
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:MTrOwIMFi0ZI2ZdnYIvCVCZK+vkYj273QJX1nre30:irKMFiKZdnScZ5vZa7gJXdO
                                                                                                                                                                                          MD5:5D0106B0D1DA6C2DEDC8455A0BB993EB
                                                                                                                                                                                          SHA1:D5E85DD532390138AF68A445F42AE92F9DA4ED0B
                                                                                                                                                                                          SHA-256:DAAEDCA16C357615439A9A2AE53A1DAD3D5A700DC5F92633337F0D9046F7D388
                                                                                                                                                                                          SHA-512:7698D7D9F98DD332732065C1FD2FDC1A8EEB6840B62A2DE21BD429C5F6FBEDB9E2F8F825D1876A24695A5211B20D77AE0299A045DCD43BD50E25561FADC54DCA
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...U..f.........." .....0.......p..0.....................................................`.........................................L..........\............P..@...................................................0...8...........................................UPX0.....p..............................UPX1.....0.......$..................@....rsrc................(..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_BLAKE2s.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):11264
                                                                                                                                                                                          Entropy (8bit):6.999291282196889
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:xfrrOwIMFi0ZI2b8JcuFqNF4m2nlQXku17YhkYj273QJXbnKu3p:FrKMFiKgJcuUNFEeP17YhZa7gJX2+
                                                                                                                                                                                          MD5:E51F40B42EE430C908229A31FA2EF83A
                                                                                                                                                                                          SHA1:C6476C71BA2561E0230AC34E7257A61A86653279
                                                                                                                                                                                          SHA-256:3F882CA1088017E3EDDE8CE31C3F9A1B09016FFDC2BBDA2674DB7CCA7D3F5196
                                                                                                                                                                                          SHA-512:BB4708F1A241ACAD22F6055CD8CD88201D284FFE04CA5A5D2525BD7186A646932E0CFBC464870F3ED0A5E6966D6FA02FD0183C57446BDCF1DBE550DD12052483
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...U..f.........." .....0.......p........................................................`.........................................L..........\............P..@.......................................................8...........................................UPX0.....p..............................UPX1.....0.......$..................@....rsrc................(..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_MD2.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10752
                                                                                                                                                                                          Entropy (8bit):6.904240110386442
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:Uk1XDqrH2n4sLKhXRJRzkQMz0jofSYX6NkYj273QJXinoY/R:jqryjyXRLAQE08fQNZa7gJXl8R
                                                                                                                                                                                          MD5:FF4B2138EEB9357ADB7BE377D1DDDDE0
                                                                                                                                                                                          SHA1:721CE94693E5AC7982E9A516D9E1652E3F2E10B4
                                                                                                                                                                                          SHA-256:55B6A3024FA7262E7033F9037D2BA87523F9CA4A52E35C37868F6DEB63B29128
                                                                                                                                                                                          SHA-512:5A413D890350DA7D61A5466818FC72EC5DBFAEBF4F8E85C244E30D5DB9C40AF4E81C9930127A456BFE06D0B3474F2F871FAEE5F1AA6DECC713700E55E8E5FB49
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...Q..f.........." .....0.......p........................................................`.........................................L..........\............P..(...............$.......................................8...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_MD4.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10752
                                                                                                                                                                                          Entropy (8bit):6.98436566972705
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:ipgm23TF55OsDTBHeLMU+0w+Ei0J/Tta+UdmtkYj273QJXbnBokQ:7zUsDTt0y+iFUdmtZa7gJX9HQ
                                                                                                                                                                                          MD5:A17DE280D44190CD014E09343E54CCD6
                                                                                                                                                                                          SHA1:0EB4E624E5F1F3BF966213A63FFFD9D015E2B228
                                                                                                                                                                                          SHA-256:7FB778BF2344533D82320DD1D705672B5FCF38B349B87F47C92FF70CB067F800
                                                                                                                                                                                          SHA-512:AEEC47E9C85ACC88F1C3EE21D64059ED460ABB10A070561E764994B6A0C1644B14BAB67BCF9874B55A93468B5C9DC23AF7EEAF66FF2F05989FA7D9E4097FB28B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...R..f.........." .....0.......p..0.....................................................`.........................................L..........\............P..(...................................................0...8...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_MD5.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                          Entropy (8bit):7.099770958825901
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:Ji1clPrWUqC02ilACSK7TzeWT1ekG4HDQr+Hh2i58gD9uzAOSkYj273QJXZnWa:4ClPrr02SNPSmJG4rMimZSZa7gJXA
                                                                                                                                                                                          MD5:E6A7F81A9AA0B29A3476A1CFAF0DDBAC
                                                                                                                                                                                          SHA1:348CCE3FF894B22023B5BBCEDA64336FDC8FAFE4
                                                                                                                                                                                          SHA-256:0D823DCEE7ED77F047DAFCFF08137834A1300C646563E7AFB7E187085E19B6E0
                                                                                                                                                                                          SHA-512:6F1BA4F4BC9229A093C4F7D5EB166C96D0BA16ACD232A2580AE502A847CE73745862EEB68F52F19613F26383A667B381B9F838B94FC39C2507A9BDAD310047F1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...R..f.........." .....0.......p........................................................`.........................................L..........\............P..X.......................................................8...........................................UPX0.....p..............................UPX1.....0.......(..................@....rsrc................,..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_RIPEMD160.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10752
                                                                                                                                                                                          Entropy (8bit):7.0861687844835055
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:qLrOwIMFi0ZI+5/f8WjXICC4eGi//I4+qkYj273QJXhnt/u:ArKMFiqhfFXIRhDg4+qZa7gJXX2
                                                                                                                                                                                          MD5:5BB80A4F1F593F61DCC3471419A1BE7D
                                                                                                                                                                                          SHA1:9C93659825014E5D873AFAD998CC66F470BE2825
                                                                                                                                                                                          SHA-256:4E41B0EA25652226B9CDB427362EF2A8EDB65DF4E86D9EF53D81E2BA2AB82203
                                                                                                                                                                                          SHA-512:0629033A9EBEBB06656CFB942C0CFE70FAFF2794206CE0967E32F1515118E6449EF12FD3521BB4DBB093D1F5A9EFC88B1DD32421D5454BDAB859813F8F90F2F3
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...U..f.........." .....0.......p........................................................`.........................................L..........\............P..............$...........................................8...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA1.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):13312
                                                                                                                                                                                          Entropy (8bit):7.2165235597105335
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:x3LNqWu7xr5e0B08ZKY34+170LmTIHeIQUAHp2TkYj273QJXLH68:5vuJRZr/1SSIHSvpaZa7gJX2
                                                                                                                                                                                          MD5:049F934A7D2BC5AFFEF87A89DF5CC205
                                                                                                                                                                                          SHA1:86494A43BBA527B8E4B4926699B74309BDE9F6CE
                                                                                                                                                                                          SHA-256:158875B358E0475A9985104034A9CE62F6F3A7ED191D823B6B70F3E8479EBBCC
                                                                                                                                                                                          SHA-512:12CED430F0FC05D8D70E0EB102EB1E06A8428FE5D84A2CCD3606EA52F1F5B29E55ADBCD1DBC62811DEEA581C44800E717BBED1D7B12B474F0374FB6734050C3C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...R..f.........." .....0...............................................................`.........................................L...........\............`..X...........$..........................................8...........................................UPX0....................................UPX1.....0.......,..................@....rsrc................0..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA224.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):14848
                                                                                                                                                                                          Entropy (8bit):7.257869356658698
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:T5bL5JdKCy6Lqo3CxYzoA+sm/NdNgtZa7gJXb:TNd86LfCyzoA3mljipL
                                                                                                                                                                                          MD5:A9BC3A0C9E1836F85948B7A7C2741E09
                                                                                                                                                                                          SHA1:A59EDD974D238CCD23A915C6803E5CA2AE59C480
                                                                                                                                                                                          SHA-256:15CC1E598827A614268996561B32476AF9654CAEF9C4A0AA5E9299A9D72C62E6
                                                                                                                                                                                          SHA-512:B2A65FD3AB617ABE7A03C0E3A6E9FCAA957F83FAB92C1DB73574B7D05E6A0DBF0D13B949A70D818645C14A3D651E4F889032E95250976E8BE0F53340EE162589
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...S..f.........." .....@...............................................................`.........................................L...........\............p..............4... ......................................8...........................................UPX0....................................UPX1.....@.......2..................@....rsrc................6..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA256.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):14848
                                                                                                                                                                                          Entropy (8bit):7.257827310821981
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:o5bL5JdKCy6L/58g+eYXELL43mi12j9+t4wZa7gJXb:oNd86L/yNjULLK1qo5pL
                                                                                                                                                                                          MD5:75449B954EF15E958A881CE1A58DC089
                                                                                                                                                                                          SHA1:689B4FF7695A9F8389D8C8B768B11E82DA9FA3BE
                                                                                                                                                                                          SHA-256:5B6C42636E89EB321469B51D3468DE51E9B27A3935EB90183CE842036DF68DC5
                                                                                                                                                                                          SHA-512:A8D5E58965E4F52ADAC1750AEBC0FF3C31834B71EDC4C05850B7173C988E0979B09CB2BAC2CFB7599210AFF3C5B5D17DE84E18E91335BC9C7B74CE2DA1E4D8B2
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...S..f.........." .....@...............................................................`.........................................L...........\............p..............4... ......................................8...........................................UPX0....................................UPX1.....@.......2..................@....rsrc................6..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA384.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):15360
                                                                                                                                                                                          Entropy (8bit):7.335277481327763
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:YaQeWO7PzpfLJigFDR0h7UiBKgI0tDZa7gJXd:xWCPlfVh3y7DBS0Vpt
                                                                                                                                                                                          MD5:FD30BE87A7F051B7CEDAD875A4686D8A
                                                                                                                                                                                          SHA1:640AD84B3B00FC7224D8E3E32C93095D12F81807
                                                                                                                                                                                          SHA-256:1257363D570AE540D8654AD5EEF530C3C05A66B1BC4CA58DC4A9845372548BBD
                                                                                                                                                                                          SHA-512:86E31076F0DD0AC91FFD5C4BE8AAB5C6274CD1C73CA9C6FC4B9F219F4B584B1B826B9A69CC35ACE0A5D44DAFF1802F6C8D9EE2B82EF580A88BCEF306300F07B7
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...T..f.........." .....@..........p.....................................................`.........................................L...........\...........................4.......................................p...8...........................................UPX0....................................UPX1.....@.......4..................@....rsrc................8..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_SHA512.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):15360
                                                                                                                                                                                          Entropy (8bit):7.41112514918361
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:NeaQeWdfOexy9B3MC0uklIrDOxPvZa7gJXQ:NfWg2yjF0GDOxXpg
                                                                                                                                                                                          MD5:12B66552F73FE03F30F546BEE57D7279
                                                                                                                                                                                          SHA1:D0436DFA5EC295BD47DB08D023C4AD4230EFB6B5
                                                                                                                                                                                          SHA-256:810079E59D51AA980C5AD5942E0881CBA44BF40026CCBA58964FC647C5054A90
                                                                                                                                                                                          SHA-512:DB7F548194B677AD0F3A5405D89A21AB2D4BC7772DD9A9048B5015DEBB6A6994B9276A9D8E26483E9610C05874DDCDD3953AD0C8E305E31BDD8804463DD4C5F4
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...T..f.........." .....@..........@.....................................................`.........................................L...........\...........................4.......................................@...8...........................................UPX0....................................UPX1.....@.......4..................@....rsrc................8..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_ghash_clmul.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                          Entropy (8bit):6.965304617922568
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:dGK1CChUEjQPmO8MkWRlRJ/UB6FRsIHkYj273QJXu3bpt:UJVFlUB6jsIHZa7gJX2
                                                                                                                                                                                          MD5:2BF5B7572D7783B266EAF86C749AC484
                                                                                                                                                                                          SHA1:FA2BCEE7C10F6434059B79F5B6AB0EBA5D4A591E
                                                                                                                                                                                          SHA-256:842C28C8687A642BC5C6DD502D730E40E0D71401BCEF5F5809279142241C550D
                                                                                                                                                                                          SHA-512:DAF1DDCE4612B72181DB48399A4BBAF70B8E28F50E6992D3887AEEA7EEBC752985F56627A3DD8772B3AA1B4ABF6A48B4BAA01788DCE5187B3FFE36D19C3E3D72
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^J.6?$.6?$.6?$.?G..2?$.dJ%.4?$.}G%.5?$.6?%..?$.dJ!.<?$.dJ .>?$.dJ'.5?$..J,.7?$..J$.7?$..J..7?$..J&.7?$.Rich6?$.........................PE..d...V..f.........." ..... .......p........................................................`.........................................T..........d............P..........................................................8...........................................UPX0.....p..............................UPX1..... ....... ..................@....rsrc................$..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_ghash_portable.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10752
                                                                                                                                                                                          Entropy (8bit):6.847627164690376
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:QN1CChUEjQPmO8HCD/yQEVJLflLfB1fiorkYj273QJX8nEJ:3J6A9IJLdfB1fFrZa7gJX3
                                                                                                                                                                                          MD5:10056DFC8DDD44CC06150F093245C160
                                                                                                                                                                                          SHA1:232E225E4559DBC8A230A7FE193138F1993AC54B
                                                                                                                                                                                          SHA-256:D542395F976F9436E5E892D753B4CE5D8D46B98E313DA26519B26757FA24670D
                                                                                                                                                                                          SHA-512:27DD1780B449DA6CF205689691F70775E36705C37425B3F0DF8876EEEFB04830E41D4BE830AD6FE9A9D9783C1364EC4AA63D2E1E198DCEF17987FB33ABA74147
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.:...:...:...3.j.>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...........................PE..d...V..f.........." .....0.......p..0.....................................................`.........................................L..........\............P..X...............$...................................0...8...........................................UPX0.....p..............................UPX1.....0......."..................@....rsrc................&..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_keccak.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):12288
                                                                                                                                                                                          Entropy (8bit):7.019759823328802
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:pp1oHdD3VpsdrqkCphVavitay5xyvCBfd9Gkm6orkYj273QJX0nJ7:s3fKTCxavinyaZeAorZa7gJXG
                                                                                                                                                                                          MD5:60625A54C5510D87FB2FC55A33274CF9
                                                                                                                                                                                          SHA1:F98EC281990429FA62D8E24E8E337368930DAAE4
                                                                                                                                                                                          SHA-256:C42B8ACE5CDE98F141301C671E4255E3F132A400396C5E6441F2A95B1E079549
                                                                                                                                                                                          SHA-512:90587C3F669092D5B86CC9F62D00510ACB2E10EC8B0F0AB26960E03C02E86C26360C5A101B4AC924521DC8E55323DC8A2B664AE535A8C259BAECEC306CD3087D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...U..f.........." .....0.......p.......................................................`.........................................L..........\............P..X...........@..........................................8...........................................UPX0.....p..............................UPX1.....0.......(..................@....rsrc................,..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Hash\_poly1305.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):11776
                                                                                                                                                                                          Entropy (8bit):7.0330491725625
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:Q6W17kMnWzpM3mXoEdh29xFeOSegeNkYj273QJXtnME:QwMWzpMWXoEbFOSegeNZa7gJXu
                                                                                                                                                                                          MD5:121238CA4832015A2429DD6F3512F833
                                                                                                                                                                                          SHA1:1DC658E4EEC0A731FBEEAE99C64DEF6FAEB85F69
                                                                                                                                                                                          SHA-256:0EC29593189A9321AEA9236CC88A8C9B58B3440E8BE9D7EFD65C85BB7E5C6E4E
                                                                                                                                                                                          SHA-512:26BBBA278FE74DEA8F39F5A41E810783AD18BEFE8579DE552EABECADCE7E3827BFC2D034EE872BF801F9A54BAAF959E9AFB379EB53A4EB1054363D2CCA260AD8
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...V..f.........." .....0.......p........................................................`.........................................L..........\............P..|.......................................................8...........................................UPX0.....p..............................UPX1.....0.......&..................@....rsrc................*..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Math\_modexp.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):20480
                                                                                                                                                                                          Entropy (8bit):7.582234195865062
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:SVPYY2Eqk95s92Jd5yYA2ocvSmO8wapXyxIgTeS488QKvZa7gJXx:ewY2pk9dHKWvSlDQcI1xph
                                                                                                                                                                                          MD5:93A2FC7C8EB10030EB45B118548B53D5
                                                                                                                                                                                          SHA1:19054EBE282F106CBA676742FF42EFC79DE59837
                                                                                                                                                                                          SHA-256:6E8E5FAA9B7AE63E07693B41799F749093A02E518EBD86DFD688AE734E98C671
                                                                                                                                                                                          SHA-512:DD235FE97EE9A0C4B2FDEBA5F632129865DB3DB86259C02F9D9728511330BECCCF8BE7B1E9B179B729DA2CB4A94C9A68906EEC94FCE81201AE170494BEA76C7A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:..P~...~...~...w.3.x...,...|...5...}...~...U...,...u...,...v...,...}.......|............._.............Rich~...................PE..d...^..f.........." .....P.......... .....................................................`.........................................L...|.......\...............<................................................... ...8...........................................UPX0....................................UPX1.....P.......H..................@....rsrc................L..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Protocol\_scrypt.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10240
                                                                                                                                                                                          Entropy (8bit):6.7816437661656
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:rg1QdqOkpEh83hgAXfW2OAAh6wkYj273QJX43Oyb:rbqO+Eh8xgAX+2OZ6wZa7gJXV
                                                                                                                                                                                          MD5:1AC3E0138FF30096F0937F938C902FF7
                                                                                                                                                                                          SHA1:E4F49AF5429FF9A15DD389F984DEDFE43AA7912F
                                                                                                                                                                                          SHA-256:656A6E38AA91EFB8CBA4308551CBE1647A9F76389BAA1B6EF8103633FB3603A1
                                                                                                                                                                                          SHA-512:90B61A6665A88059518889B9439675691D506C88A3A164A5A1B42B765F1C5DECFE64D078E7F969FCFF4746E2B3FDA496FF1C256E6C760A96227726219EC28A53
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r^:.6?T.6?T.6?T.?G..2?T.dJU.4?T.}GU.5?T.6?U..?T.dJQ.<?T.dJP.>?T.dJW.5?T..J\.7?T..JT.7?T..J..7?T..JV.7?T.Rich6?T.........................PE..d...Z..f.........." ..... .......p........................................................`.........................................L...d......\............P..4.......................................................8...........................................UPX0.....p..............................UPX1..... ....... ..................@....rsrc................$..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_curve25519.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):14336
                                                                                                                                                                                          Entropy (8bit):7.264664149380351
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:0NdFl9xgCYsB43vddIU5PU7XBtKZI0TWTMxpfEVt5jhjBDfuZDkYj273QJXO3R2A:0NdQPj3vdJ87fWT3xy19baDZa7gJXA2
                                                                                                                                                                                          MD5:F6F90127990AA8094A5EE8B64BF5A25F
                                                                                                                                                                                          SHA1:F881DFD0794531A2F23D08D6B4183F32D112FF63
                                                                                                                                                                                          SHA-256:DFAECD1EE60BF8785BE9A3264602E0A0BB28D5DDF983E7705EEC22F79A07794A
                                                                                                                                                                                          SHA-512:324DB41B16C6EBC96FF50F1448BCEF5172E55D105F54DF28AF16CF61352151A792DA157409D1B67BD7B55480D525736A3C62D270ED474BAED09E7D968CD50911
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.g.:...:...:...3...>...h...8...q...9...:.......h...1...h...2...h...9.......;.......;.......;.......;...Rich:...................PE..d...\..f.........." .....0..........P.....................................................`.........................................L...........\............p..............L.......................................P...8...........................................UPX0....................................UPX1.....0.......0..................@....rsrc................4..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_curve448.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):26624
                                                                                                                                                                                          Entropy (8bit):7.709093804241634
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:RGkgn0uw0f9tuMgZj6SgoM+mHh8zBhOsbipS:kk60qf1SxM+Sh8zBZbH
                                                                                                                                                                                          MD5:3BC254EB74AA919B1E77C71505306F68
                                                                                                                                                                                          SHA1:0A7D3BB6BA93CAE2CAF41207B60566690C50502D
                                                                                                                                                                                          SHA-256:CCF351CA444227C1B2BBD88B23D965082ED2AB8955BF3218CE15B49B09F17F37
                                                                                                                                                                                          SHA-512:B5F0DCCC9D424D0EFC050B27478A9CF1AC8C75F9ADA8FD321091392C68BBC8F8E25617EAC3983FFB4F9C0DB6CA0B8763E0E41EA4C93925B70EC3AC5C243F54D4
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:..P~...~...~...w.3.x...,...|...5...}...~...U...,...u...,...v...,...}.......|............._.............Rich~...................PE..d...\..f.........." .....`..........Pa....................................................`.........................................Lr..0....p..\....p....... ..$...........|s......................................Pm..8...........................................UPX0....................................UPX1.....`.......`..................@....rsrc........p.......d..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_ec_ws.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):640000
                                                                                                                                                                                          Entropy (8bit):7.998704897182076
                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                          SSDEEP:12288:PIahn0k2jt5j5hjcFCGQNKQ8J2NWqZxjYDHJrX2cQ6GFlBg+cogRfG9jU:P0fX9pcXO/NWixjYrJdCHqVVsZU
                                                                                                                                                                                          MD5:B5DBAC8FEA6E95E9F7D3754FE1C7A198
                                                                                                                                                                                          SHA1:10D08BF86DEEB1E58E1CB2B68601B9B6C17B9738
                                                                                                                                                                                          SHA-256:472151F81BAC50922AEFD2DCCBE7BDA082D15AF95C2749EC95FFF64363F3672C
                                                                                                                                                                                          SHA-512:0F25040CB142E0DB883B8B94B8F757DD1EB77E452B5C279246D9D02AFA6C934E6A79F6BB3B84FD40FA6E3568C209EE19628A9359467584CB0F9AD56325F81E91
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........s.. .. .. ... .. ..!.. ..!.. .. .. ..!.. ..!.. ..!.. \..!.. \..!.. \.r .. \..!.. Rich.. ................PE..d...[..f.........." .............`.......p...................................@............`.........................................L2..h....0..\....0.......................3.......................................*..8...........................................UPX0.....`..............................UPX1.........p......................@....rsrc........0......................@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_ed25519.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):15872
                                                                                                                                                                                          Entropy (8bit):7.365125845689717
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:sGBfc1QlWR3bEsLMf6Ufn10euH/4hZa7gJXN1m:sGkQN6awqpd1m
                                                                                                                                                                                          MD5:9234681AE65FF9F6B5278407EDE1D03E
                                                                                                                                                                                          SHA1:1C938927279F0718512496611B69E86CABD8ACA5
                                                                                                                                                                                          SHA-256:FA815A3B065D423DD73A361EBA170C8B6825529F25F4CA3F32968A12BB364CE2
                                                                                                                                                                                          SHA-512:69C3FA558574C950FFCCD1F2BD3A090F8E129BBC221FE03B5C4AA6428C3955871A7E8736C84986BC72DBC502624A052DC50E4053145103A69700E2575A09AB40
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~.G.:.).:.).:.).3...>.).h.(.8.).q.(.9.).:.(...).h.,.1.).h.-.2.).h.*.9.)...!.;.)...).;.).....;.)...+.;.).Rich:.).........................PE..d...]..f.........." .....@..........@.....................................................`.........................................L...0.......\...........................|.......................................@...8...........................................UPX0....................................UPX1.....@.......6..................@....rsrc................:..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\PublicKey\_ed448.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):28672
                                                                                                                                                                                          Entropy (8bit):7.764536138341586
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:+YWTbll1RIaPUAc5BjOxy2VANd9N/Q6/HgnhkX4ts6GGZa7gJX7AgM:fablfRBPUAc3j32VANdTQ6fzX4tlprA
                                                                                                                                                                                          MD5:02A9596AD840DCEA60FA6D52F8BEE945
                                                                                                                                                                                          SHA1:3E7A5751187496CF9538347B4B81A42E4532E706
                                                                                                                                                                                          SHA-256:7459473F494866B3828869FA96564FD35D32BD6A7904522BD53084C16763EA2A
                                                                                                                                                                                          SHA-512:AD0E397E12662059B45A313B4E68C00A90F77CA387766257CFF18BE318C77CF16850F44A9FFB0E1821CD2DBA3DDB152FD67FC8121E6772B2B551404B40121576
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:..P~...~...~...w.3.x...,...|...5...}...~...U...,...u...,...v...,...}.......|............._.............Rich~...................PE..d...^..f.........." .....p.......@......P................................................`.........................................L...h.......\............`..l......................................................8...........................................UPX0.....@..............................UPX1.....p...P...h..................@....rsrc................l..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Util\_cpuid_c.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):9216
                                                                                                                                                                                          Entropy (8bit):6.706733620766704
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:g51jwkl3nSW/TftRVw61csNbbNkYj273QJXpHj:g5CkwWbft0rs1NZa7gJXJ
                                                                                                                                                                                          MD5:D99FAD915B5F7BEACC6FBFC981EF7C6B
                                                                                                                                                                                          SHA1:DA98B3640D42FEC05C2D7A540E3E06336825F4F0
                                                                                                                                                                                          SHA-256:F82BF7B4856EFB676E05EF34447D03423FF13A8A3F57457A257A4DB7FCB8453F
                                                                                                                                                                                          SHA-512:F9F810CA818CDE0E4D065BD138B99D26D3B8121E2745E3EB23DFA0881E43353ED0384B9658144B5D9FAD15CBB67587A0E44F0DDA5B4E06A8780E33039303E8F6
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........@................../....../...../......+.......*......-......&....................,....Rich...........................PE..d...X..f.........." ..... .......p..p.....................................................`.............................................|...................@..............|.......................................p...8...........................................UPX0.....p..............................UPX1..... ..........................@....rsrc................ ..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\Crypto\Util\_strxor.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):9216
                                                                                                                                                                                          Entropy (8bit):6.702844475658512
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:HohKeeuBxm0jMuCicColTjCu9WkYj273QJXEHj:IhxpgTSu9WZa7gJXw
                                                                                                                                                                                          MD5:E0A33DE4E09E7810A788C9140B26277B
                                                                                                                                                                                          SHA1:8E874FC12BEFC50AB2A91FA2A0F271B60B0BC718
                                                                                                                                                                                          SHA-256:585F0C6B9C0AA6B7C7FCBFA7BBB9FBBD14340A0B65F32E14D75AB80CA2AC5BCB
                                                                                                                                                                                          SHA-512:39088711CC8816E303548653FCDE48666E1427F180EB2DAF18367937151469D03C88371440CB495AAB4AD35DD78269EF7F4C598A96F0AADC64F3B99394979F58
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........@................../....../...../......+.......*......-......&....................,....Rich...........................PE..d...Z..f.........." ..... .......p..p.....................................................`.............................................t...................@..............t.......................................p...8...........................................UPX0.....p..............................UPX1..... ..........................@....rsrc................ ..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\VCRUNTIME140.dll

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):109392
                                                                                                                                                                                          Entropy (8bit):6.641929675972235
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:GcghbEGyzXJZDWnEzWG9q4lVOiVgXjO5/woecbq8qZHg2zuCS+zuecL:GV3iC0h9q4v6XjKwoecbq8qBTq+1cL
                                                                                                                                                                                          MD5:4585A96CC4EEF6AAFD5E27EA09147DC6
                                                                                                                                                                                          SHA1:489CFFF1B19ABBEC98FDA26AC8958005E88DD0CB
                                                                                                                                                                                          SHA-256:A8F950B4357EC12CFCCDDC9094CCA56A3D5244B95E09EA6E9A746489F2D58736
                                                                                                                                                                                          SHA-512:D78260C66331FE3029D2CC1B41A5D002EC651F2E3BBF55076D65839B5E3C6297955AFD4D9AB8951FBDC9F929DBC65EB18B14B59BCE1F2994318564EB4920F286
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........u...u...u.E.t...u.....u...t...u..v...u..q...u..p...u..u...u......u..w...u.Rich..u.........PE..d..._#;..........." ...".....`......................................................=.....`A........................................`C..4....K...............p.......\..PO...........-..p............................,..@............................................text............................... ..`.rdata...A.......B..................@..@.data...0....`.......D..............@....pdata.......p.......H..............@..@_RDATA..\............T..............@..@.rsrc................V..............@..@.reloc...............Z..............@..B................................................................................................................................................................................................................................

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\_asyncio.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):38680
                                                                                                                                                                                          Entropy (8bit):7.696873540555824
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:oJSccN4rYjmVdRxZc6MCipEJIGOng05YiSyvSeEAMxkEX:o8j4r7DmCFJIGOnge7SyaeCxT
                                                                                                                                                                                          MD5:BC5F1A631A5B2B0D874654CA17C327A7
                                                                                                                                                                                          SHA1:D391E3198D69FC420F737D9FC31153892DED57DE
                                                                                                                                                                                          SHA-256:A889045C5855D964B490FE6413FECC34D03FEA5B5925C722655885AEA0BD5B84
                                                                                                                                                                                          SHA-512:4B2D46DFF34045E7ECA25B24831172A803BEDB84248C2EB8BC438BB672BE8D1F8374149DD2335CE437A7F8E8AFF3A4EBD025E90AC58319A420C5C6CF5748078D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B:.T.[...[...[...#*..[...'...[...'...[...'...[...'...[...&...[..M#...[...[...[...&...[...&...[...&F..[...&...[..Rich.[..........................PE..d...Q..e.........." ...#.`...........9.......................................`............`..........................................Z..P....Y..P....P......................D[.......................................E..@...........................................UPX0....................................UPX1.....`.......X..................@....rsrc........P.......\..............@..............................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\_brotli.cp312-win_amd64.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):279040
                                                                                                                                                                                          Entropy (8bit):7.992754100181066
                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                          SSDEEP:6144:1MekaHmIW3JkTJGnlffcRwF3sfDhcpntP43tSy+54JO:WTB3UWXQipu3t7c
                                                                                                                                                                                          MD5:0EB17C658E41394A867A4C185D19F220
                                                                                                                                                                                          SHA1:EFD39F6E8D7679181D1BC05930C4414857A444D8
                                                                                                                                                                                          SHA-256:8768E373A4E82722CFCAB2511544A9C2A6DC8FBCC59475986A68C59135917907
                                                                                                                                                                                          SHA-512:1401258D859E1AD7D10162CC2E132706CCBE10C5F48A4A36F2386E3811ACA1F040A32D3E6B13DFAA126E6AF42610692E1F9B0FC221DCBCA38C45746D73451BF2
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......]ws..............n......j......Rn......j......j......j.......k..........$....k..9....k.......k.......k......Rich....................PE..d...7..d.........." ...#.@................................................................`.........................................,...`.......<.......................................................................@...........................................UPX0....................................UPX1.....@.......:..................@....rsrc................>..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\_bz2.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):49944
                                                                                                                                                                                          Entropy (8bit):7.783132151019094
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:G/onT0xi3xXtfwYf5CVW3Bd7IGCVwU7SyixL7:G/k538e5CIRlIGCVwUO7
                                                                                                                                                                                          MD5:7B93D289D8342003264EA364E707A929
                                                                                                                                                                                          SHA1:C48CC5668FEAA94C6BD2D6A869227D818ED03398
                                                                                                                                                                                          SHA-256:56FA7963B53BB2DADB6B6AC669084521D5873923C16192030D3D8A7741F8C720
                                                                                                                                                                                          SHA-512:26521252685A52C331204CA1C38E3E80C31E16209B6016C433FEB0348B40240E17094C3A51723839496F1906CB4A1472752AAA1CC135D61D23D681A485C3CD90
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......w.l.3...3...3...:...9......1......0......>......;......7.......0...x...1...3...l.......;.......2.......2.......2...Rich3...................PE..d...f..e.........." ...#.............e....................................................`.............................................H.................... ..,...................................................q..@...........................................UPX0....................................UPX1................................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\_cffi_backend.cp312-win_amd64.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):73216
                                                                                                                                                                                          Entropy (8bit):7.915393474934398
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:rYKYjVhOKr5WNqYZbeKaMoxrZQmAQqdtXEb53a/Tw:1YxEkW91O/mLQqdOl
                                                                                                                                                                                          MD5:9C42595725784639A9490FD262B79994
                                                                                                                                                                                          SHA1:02D555F1B62C4B6B7AE98ABEAC129856024BBEDA
                                                                                                                                                                                          SHA-256:C7FE8E9CCBEDF87171A604E5406CBC65520DBBBFC750DCF0432B56E63F1A12CB
                                                                                                                                                                                          SHA-512:F1F1ADCDD807AF48C6282F079B34DDAB2A043D6145B667C79F0E53D482CD404FF03132E20BC88D43872E0A0AE1C17207C8C1524B33BE87F4B37235A2A6BB35C4
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......a..#%p.p%p.p%p.p,..p)p.p5.q'p.p5.zp!p.p5.q!p.p5.q-p.p5.q)p.pn..q!p.p6.q&p.p%p.p.p.pm..q!p.p,..p$p.pm..q$p.pm.xp$p.pm..q$p.pRich%p.p........................PE..d...W..f.........." ...). .......@...U...P................................................`..........................................s..l....p.......p..........T...........ht.......................................a..@...........................................UPX0.....@..............................UPX1..... ...P......................@....rsrc........p......................@..............................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\_ctypes.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):60696
                                                                                                                                                                                          Entropy (8bit):7.822216451119025
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:kbK/YBHE2gCtX+/9zyeoVIkwLMzKep8z+IGLPAt7SyWxU:kGAK2ghtGIk6MeeGyIGLPAtz
                                                                                                                                                                                          MD5:39E76F6794B87D7B0AF9CB3A40009736
                                                                                                                                                                                          SHA1:B23BE9B2F1DC5EBDB1A5B4E75BD423A3777DCB03
                                                                                                                                                                                          SHA-256:479EAAD69BCBC8BD6CC4F0F3411A92185B780C80687A9596D3F283EEAA68D171
                                                                                                                                                                                          SHA-512:193F420CDEFC11AFF1891C4E0E9D02EE7A9C718B446FC42B2363A1539D0A1ED78E7054C33D1EDBF443A8664D68A31C510A1ED1F48DC561ED5773D1F2DA770E04
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......>...z.z.z.s...|....x....v....r....~.....x.1...{.1...|.....y.z.......|.....{...o.{.....{.Richz.................PE..d...c..e.........." ...#.............-.......................................P............`.........................................HL.......I.......@.......................L.......................................9..@...........................................UPX0....................................UPX1................................@....rsrc........@......................@......................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\_decimal.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):108312
                                                                                                                                                                                          Entropy (8bit):7.930158683046724
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:RnHQe/FKYjTnmuJkv4D5ZIBGeKHC6ajQ6BWIGOqmbtbb9:RnHQe/MYjTnDJRX6Ge16ehbhx
                                                                                                                                                                                          MD5:07BB60C9039423EC170ECB6550A5E685
                                                                                                                                                                                          SHA1:556A754DAE6813883144F4DEE755DA68FD5197BE
                                                                                                                                                                                          SHA-256:A0DD49BB57B6EBB78482E6E4CDE24D358EB676C7A7B29B217379DBD90F985DA6
                                                                                                                                                                                          SHA-512:07414189A52A84672C3F9BA6D598049D005958F42195BB38FB58751F3FE345C267DBB4142B80157CB31F96DCDCBBFE69DA1F97E6D5E9BC7EB7DFBA5F982493FC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........@.R.!...!...!...Y=..!..+]...!..+]...!..+]...!..+]...!..M\...!...Y...!...!...!..M\...!..M\...!..M\...!..M\Q..!..M\...!..Rich.!..........PE..d...T..e.........." ...#.p...................................................0............`..........................................,..P....)....... ...........'...........-..........................................@...........................................UPX0....................................UPX1.....p.......f..................@....rsrc........ .......j..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\_hashlib.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):36120
                                                                                                                                                                                          Entropy (8bit):7.670439671412394
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:6uKW7574DsajR20fnfPHz8HLP8pfbnIGOINg5YiSyvIAMxkE3n1:JKW7hq00fnTQEbnIGOINy7Sy+xzn1
                                                                                                                                                                                          MD5:E9817DBEB15E1C4EB8E83E2290F566DA
                                                                                                                                                                                          SHA1:FFAEAB66BFD23AE65FD3EC56C14B5359FB1DE0F6
                                                                                                                                                                                          SHA-256:CC47548D1B9AE5293756FB75373482299C745FCA8C0A68C9C8779073EE4F59B1
                                                                                                                                                                                          SHA-512:109747ED8ED939895224BAF2611A3D90AE23CACAC8B38AA6966211306AED85139065703869321A9394F6A788C750FDF1E49161C0E65E43C048D43F657B74EB63
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........u...&...&...&.U&...&u..'...&u..'...&u..'...&u..'...&...'...&...'...&...&M..&...'...&...'...&..9&...&...'...&Rich...&........PE..d......e.........." ...#.P.........../.......................................P............`.........................................|K..P....I.......@.......................K.......................................;..@...........................................UPX0....................................UPX1.....P.......N..................@....rsrc........@.......R..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\_lzma.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):87832
                                                                                                                                                                                          Entropy (8bit):7.91726740491422
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:cRQY6vZR307kwHMn3NsbM5PlvQzSqoSdPN1uruZkU2D90nGt4pcgIGZ1rA7SyTx7:uQY6nEZe3NsbI1QzSwlaugudNIGZ1rAP
                                                                                                                                                                                          MD5:34549863E00005080416DC1D3827895F
                                                                                                                                                                                          SHA1:DE955741C90CAFF0F3401BEB66AD4AC83DBE9DCF
                                                                                                                                                                                          SHA-256:44C0D49356E2BC5546B6F7CA8F290821DA336561DA275EC02EDD055BEBC1C90E
                                                                                                                                                                                          SHA-512:3C9D94EDA63FF57F0CE58BA2156B9922C453D5700DEC625253146B4F292F0F9175D5ECD6AF30FCC98B0F29D864F5821D3DEF6FAE54D66B5167FFE342B76C3801
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........TB#.5,p.5,p.5,p.M.p.5,p.I-q.5,p.I)q.5,p.I(q.5,p.I/q.5,pnH-q.5,p.M-q.5,p.5-p.5,pnH!q.5,pnH,q.5,pnH.p.5,pnH.q.5,pRich.5,p........PE..d......e.........." ...#. ...............................................................`.........................................4...L....................P.........................................................@...........................................UPX0....................................UPX1..... ..........................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\_multiprocessing.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):27928
                                                                                                                                                                                          Entropy (8bit):7.494153215552285
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:PDAcYfayYp5z4IGWt9x5YiSyv2pAAMxkEn:EcCGz4IGWt9/7SyOOxj
                                                                                                                                                                                          MD5:8B840CB3413AC1B0B77E003D585B474E
                                                                                                                                                                                          SHA1:F6FA5B9D0CD00881BE0A0EB8B40EE02BF772AFB8
                                                                                                                                                                                          SHA-256:6D014026BC88DBE37D53B50DD18AC3DC9E1C02A597CC3BD7A6D4F4C44AC65C82
                                                                                                                                                                                          SHA-512:D3608EFE3B08DF7482D1695D719A0265968BBD5A32D09001DA203CDA4D1CB6567BEAB903ED72629D5F15724B01E7918D54DB43AD3E1E05FC663362D5CD9F968B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........)*.wGy.wGy.wGy...y.wGy'.Fx.wGy'.Bx.wGy'.Cx.wGy'.Dx.wGyA.Fx.wGy.wFy.wGy..Fx.wGyA.Jx.wGyA.Gx.wGyA..y.wGyA.Ex.wGyRich.wGy........................PE..d...W..e.........." ...#.0................................................................`.........................................4...`....................p..........................................................@...........................................UPX0....................................UPX1.....0..........................@....rsrc................2..............@..............................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\_overlapped.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):34584
                                                                                                                                                                                          Entropy (8bit):7.637658154374066
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:JqfuLYw3hSxhiMM/v3Lhsr5bm7p6j7IGXt9P5YiSyvxM6AMxkEw:JqfC3hSnit33Lh2KEj7IGXt9h7SyNxM
                                                                                                                                                                                          MD5:308D180970B3A6A3389B828551F380BE
                                                                                                                                                                                          SHA1:29BD14918C3B1B951EA4D3A5FE43E9ED14FBAC63
                                                                                                                                                                                          SHA-256:6CB8989DDB962CC1FC4AA0FB55E0D0421E552B7C11475198017171BA9B13539D
                                                                                                                                                                                          SHA-512:7EC1AF33219EBB3193F49290AC54B18E15A0B7584E7D62E08311540AC60EFC13B6F05248C5AE6286566483D2D282047DD404EFBB89EFF3C4F3CEFADB83148C69
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........|!{X.O(X.O(X.O(Qe.(\.O(.aN)Z.O(.aJ)T.O(.aK)P.O(.aL)[.O(.`N)Z.O(X.N(/.O(.eN)].O(.eK)Y.O(.`B)Y.O(.`O)Y.O(.`.(Y.O(.`M)Y.O(RichX.O(................PE..d...V..e.........." ...#.P..........`........................................ ............`.........................................t...X...........................................................................p...@...........................................UPX0....................................UPX1.....P.......H..................@....rsrc................L..............@..............................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\_queue.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):26904
                                                                                                                                                                                          Entropy (8bit):7.417965806918985
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:Vzh/iDHAPcpqyIGQUNz5YiSyvHAMxkEJ5YSv:1hiDHAP5yIGQUN97SyPx/Y+
                                                                                                                                                                                          MD5:C7FD1D372211BE50EC7BD692F566E8A6
                                                                                                                                                                                          SHA1:8099F47303E917F05B06EE88A44992B89515496F
                                                                                                                                                                                          SHA-256:3CFE97BD4ECCB9C69B1E08E140098189F3011EA7A43B358AE1F7F5C7220DD397
                                                                                                                                                                                          SHA-512:3A6304865F4F136FF983A64BA0E0A10950EA0FF0E4602EF3859AC51B40FFA3B09A6B3D8B6C86603194979D0CC7778271676EA0FE75093A2E6036EC0E2D56D9A3
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......B:W\.[9..[9..[9..#...[9..'8..[9..'<..[9..'=..[9..':..[9..&8..[9.M#8..[9..[8.M[9..&4..[9..&9..[9..&...[9..&;..[9.Rich.[9.........................PE..d...Y..e.........." ...#.0...............................................................`.............................................L.......P............`..............<..........................................@...........................................UPX0....................................UPX1.....0.......*..................@....rsrc...............................@..............................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\_socket.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):45336
                                                                                                                                                                                          Entropy (8bit):7.717736433119785
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:o1X8HEfobVbgwsIZsQD182/q2vQttkmnIzPnzTpwOgIGLwgBT5YiSyvvBAMxkEn:wXz0gwsGsQD1ZbmiSOgIGLwgBd7SyZxL
                                                                                                                                                                                          MD5:CE773BF599AA4664533AC42410520FA2
                                                                                                                                                                                          SHA1:661350EC2718B0A5D221D3D11687C93C00CBA777
                                                                                                                                                                                          SHA-256:D6D04F0E7D8C396F85E8DB82750224F454D17EF0648F8D11A3A76E0287D39FA5
                                                                                                                                                                                          SHA-512:A25C04034459D0BF82D61AF123A0AD37548689D048E026F0A2D2836D45A0BBE8E82B073ECAE417147A407E34768B45BC8C46242DE78283AFB7BEC8D8C60A434F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........J./.+z|.+z|.+z|.S.|.+z|.W{}.+z|.W.}.+z|.W~}.+z|.Wy}.+z|}V{}.+z|.+{|.+z|.S{}.+z|}Vw}.+z|}Vz}.+z|}V.|.+z|}Vx}.+z|Rich.+z|................PE..d......e.........." ...#.p.......... q....................................................`.........................................D...P....................0......................................................0}..@...........................................UPX0....................................UPX1.....p.......p..................@....rsrc................t..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\_ssl.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):67352
                                                                                                                                                                                          Entropy (8bit):7.856092146754657
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:mRuyAdinkEweTTDWPnQfNnPAdu8LfPXrBIGC777m7Synx5:YF9fEo58DPXdIGC77yN
                                                                                                                                                                                          MD5:4C86933F615D895BC421199CC4F74A74
                                                                                                                                                                                          SHA1:90496BF51B37165BD2D7F213AD886CDECD991679
                                                                                                                                                                                          SHA-256:BF2AAA5FBB9CA9DAE5D138B1C70DE1E6B52005ECED94FC31873AB4F9C14719AC
                                                                                                                                                                                          SHA-512:1CF91A962F973A906C527BC83243FCEA84A9AAD70E21339893EEF0A5BAFEDD05E5F66618E0D9040977413B933F19DD27FFEAB743551C491690C7E620C7043AEF
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........U.k.4.8.4.8.4.8.L)8.4.8.H.9.4.8.H.9.4.8.H.9.4.8.H.9.4.8kI.9.4.8.4.8#5.8.L.9.4.8kI.9.4.8kI.9.4.8kIE8.4.8kI.9.4.8Rich.4.8........................PE..d......e.........." ...#.........@.......P...................................0............`.........................................l,..d....)....... ..........8............,..........................................@...........................................UPX0.....@..............................UPX1.........P......................@....rsrc........ ......................@..............................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\_wmi.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):28952
                                                                                                                                                                                          Entropy (8bit):7.472560755921187
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:oWw1HQYXj+pMUbIGCi9lx5YiSyvzAMxkEaFy:oWMpUbIGCi9h7Syrx+g
                                                                                                                                                                                          MD5:6692FB61DADAE290E9C9D1B18F8F567D
                                                                                                                                                                                          SHA1:4001C0347BA6E0FDBB05453D39549712F62B2B81
                                                                                                                                                                                          SHA-256:235282A0C0EDE0AC029AD5831DF01B4E3BBDEA7960E864369EFC797105ABD895
                                                                                                                                                                                          SHA-512:11B21EE9B7FFC32E0EF5E26E107DF9260CC22FF415F27DFEF680C3F36EC74C935263DC3C21B03D408D37E42C9188C0E51A760F61C63238C9CC45F0AE8207CF31
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......._\...=.@.=.@.=.@.En@.=.@.A.A.=.@.A.A.=.@.A.A.=.@.@.A.=.@.A.A.=.@PE.A.=.@.=.@A=.@PE.A.=.@.@.A.=.@.@.A.=.@.@.@.=.@.@.A.=.@Rich.=.@........PE..d..._..e.........." ...#.0.......... .....................................................`.............................................H.......\............p..`...........@.......................................0...@....................S..@...................UPX0....................................UPX1.....0.......0..................@....rsrc................4..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\base_library.zip

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:Zip archive data, at least v2.0 to extract, compression method=store
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1329520
                                                                                                                                                                                          Entropy (8bit):5.586689148227218
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12288:uttcY+b+vOmgRF1+fYNXPh26UZWAzau7j5D95wXgkVHdYOP4wwMw9gCCaYc23:uttcY+mHCiaA5TnqHdYOPxmEaYc23
                                                                                                                                                                                          MD5:73F91FE1B7771F022020DDF0AC619CDE
                                                                                                                                                                                          SHA1:D9ECB3061627C94F2CF6C1B7A34FEA2CDBD13DF7
                                                                                                                                                                                          SHA-256:763457EC96D1D2AFDDFFA85523D59AA351208BFDF607F5C5F3FB79A518B6D0C2
                                                                                                                                                                                          SHA-512:CB85666C7E50E3DBF14FC215EC05D9576B884066983FE97FA10A40C6A8D6BE11C68CA853E7F7039EC67E6B2D90E8C8A3273039B4B86D91D311BCDDCDD831B507
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:PK..........!.x[_C............_collections_abc.pyc......................................Z.....d.Z.d.d.l.m.Z.m.Z...d.d.l.Z...e.e.e.............Z...e.d.........Z.d...Z...e.e.........Z.[.g.d...Z.d.Z...e...e.d.................Z...e...e...e.........................Z...e...e.i.j%..........................................Z...e...e.i.j)..........................................Z...e...e.i.j-..........................................Z...e...e.g.................Z...e...e...e.g.........................Z...e...e...e.d.........................Z...e...e...e.d.d.z...........................Z...e...e...e.........................Z...e...e.d.................Z ..e...e.d.................Z!..e...e...e"........................Z#..e.i.j%..................................Z$..e.i.j)..................................Z%..e.i.j-..................................Z&..e.e.jN..........................Z(..e...d...................Z)d...Z*..e*........Z*..e.e*........Z+e*jY............................[*d...Z-..e-........

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\certifi\cacert.pem

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):299427
                                                                                                                                                                                          Entropy (8bit):6.047872935262006
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:QW1x/M8fRR1jplkXURrVADwYCuCigT/QRSRqNb7d8iu5Nahx:QWb/TRJLWURrI5RWavdF08/
                                                                                                                                                                                          MD5:50EA156B773E8803F6C1FE712F746CBA
                                                                                                                                                                                          SHA1:2C68212E96605210EDDF740291862BDF59398AEF
                                                                                                                                                                                          SHA-256:94EDEB66E91774FCAE93A05650914E29096259A5C7E871A1F65D461AB5201B47
                                                                                                                                                                                          SHA-512:01ED2E7177A99E6CB3FBEF815321B6FA036AD14A3F93499F2CB5B0DAE5B713FD2E6955AA05F6BDA11D80E9E0275040005E5B7D616959B28EFC62ABB43A3238F0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:.# Issuer: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Subject: CN=GlobalSign Root CA O=GlobalSign nv-sa OU=Root CA.# Label: "GlobalSign Root CA".# Serial: 4835703278459707669005204.# MD5 Fingerprint: 3e:45:52:15:09:51:92:e1:b7:5d:37:9f:b1:87:29:8a.# SHA1 Fingerprint: b1:bc:96:8b:d4:f4:9d:62:2a:a8:9a:81:f2:15:01:52:a4:1d:82:9c.# SHA256 Fingerprint: eb:d4:10:40:e4:bb:3e:c7:42:c9:e3:81:d3:1e:f2:a4:1a:48:b6:68:5c:96:e7:ce:f3:c1:df:6c:d4:33:1c:99.-----BEGIN CERTIFICATE-----.MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG.A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv.b3QgQ0ExGzAZBgNVBAMTEkdsb2JhbFNpZ24gUm9vdCBDQTAeFw05ODA5MDExMjAw.MDBaFw0yODAxMjgxMjAwMDBaMFcxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9i.YWxTaWduIG52LXNhMRAwDgYDVQQLEwdSb290IENBMRswGQYDVQQDExJHbG9iYWxT.aWduIFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDaDuaZ.jc6j40+Kfvvxi4Mla+pIH/EqsLmVEQS98GPR4mdmzxzdzxtIK+6NiY6arymAZavp.xy0Sy6scTHAHoT0KMM0VjU/43dSMUBUc71DuxC73/OlS8pF94G3VNTCOXkNz

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\charset_normalizer\md.cp312-win_amd64.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):9728
                                                                                                                                                                                          Entropy (8bit):6.714814722625894
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:MAOzE9WrStIf1F25LInXfzMiiukYj273QJXpHE0J:LMGo1F2AXbQuZa7gJXS0
                                                                                                                                                                                          MD5:A0E2423755456AA66970981C3B5D453E
                                                                                                                                                                                          SHA1:48A92FA53CBDE319D2F7F222630EE38C19D761BD
                                                                                                                                                                                          SHA-256:2CEF74C8D6D5DEC5A0088B42CCC54A01952CDA57E4E4A026E4F39F793737FB78
                                                                                                                                                                                          SHA-512:5A8DCDCAD81A9DFBDDDE14A32B248A0E763E3C6216A56EDC61BC74A7FD8CF132AAD1B64B1967CB4BE88800D308FE125D948DEAC88B7262CFFE46F03830D2608D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........k............r_...........r................................................3..........Rich....................PE..d... $.g.........." ...). .......p........................................................`.........................................@...p......P............@..........................................................@...........................................UPX0.....p..............................UPX1..... ..........................@....rsrc................"..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\charset_normalizer\md__mypyc.cp312-win_amd64.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):40448
                                                                                                                                                                                          Entropy (8bit):7.867941384903281
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:hG2Z8o+8FiFF0grM5z6BBPNWjLDKZ2MW96vLejBuzMsidkERB4Uppu:hG2Z8ogFF9BPsGZ2MWiIuzMs2B4Uq
                                                                                                                                                                                          MD5:86170649F304419D33D64B9042927C0D
                                                                                                                                                                                          SHA1:9FC3624415C0D23CD29722D9FE9BF19EEF825A61
                                                                                                                                                                                          SHA-256:7F4BE425D941D3B2C8DA7C9B9197A0E386ACE28B73B0806FF4AD329F959FB304
                                                                                                                                                                                          SHA-512:810378ACFD833D1C74D1CBF23774A6968A36AD4851DD70C88E7832B4604D8434140F8563187AFD80A8E0E19717A3F29BFBCDF90BBAE00A413DDA03FE7FA3C75C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........yB....................7...............7.......7.......7.......6..........C....6.......6.......6.......6......Rich............................PE..d....$.g.........." ...).............H.......................................p............`..........................................b..d....`.......`......................<c.......................................T..@...........................................UPX0....................................UPX1................................@....rsrc........`......................@..............................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography-43.0.3.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography-43.0.3.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):5440
                                                                                                                                                                                          Entropy (8bit):5.074230645519915
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:DloQIUQIhQIKQILbQIRIaMPktjaVxsxA2TLLDmplH7dwnqTIvrUmA0JQTQCQx5KN:RcPuP1srTLLDmplH7JTIvYX0JQTQ9x54
                                                                                                                                                                                          MD5:C891CD93024AF027647E6DE89D0FFCE2
                                                                                                                                                                                          SHA1:01D8D6F93F1B922A91C82D4711BCEFB885AD47B0
                                                                                                                                                                                          SHA-256:EB36E0E4251E8479EF36964440755EF22BEDD411BA87A93F726FA8E5BB0E64B0
                                                                                                                                                                                          SHA-512:3386FBB3DCF7383B2D427093624C531C50BE34E3E0AA0984547B953E04776D0D431D5267827F4194A9B0AD1AB897869115623E802A6A1C5D2AE1AD82C96CCE71
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.3.Name: cryptography.Version: 43.0.3.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Natural Language :: English.Classifier: Operating System :: MacOS :: MacOS X.Classifier: Operating System :: POSIX.Classifier: Operating System :: POSIX :: BSD.Classifier: Operating System :: POSIX :: Linux.Classifier: Operating System :: Microsoft :: Windows.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classif

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography-43.0.3.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):15485
                                                                                                                                                                                          Entropy (8bit):5.56196201342315
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:1XxTBL1z5jF4E9VqhXJZ4WPB6s7B0Ppz+NX6in5Lqw/I+B:1XXL1hCEsJrPB6s7B0Ppz+96innVB
                                                                                                                                                                                          MD5:8D7997FB71E20CD7B224D04D72F0DAFA
                                                                                                                                                                                          SHA1:2AA4472F7177DCBA6067295BB5CD0218D8E44AA0
                                                                                                                                                                                          SHA-256:AF001DA7DCDB3AB8666555CAE1F34B360785F23987072919952D921C918B87DF
                                                                                                                                                                                          SHA-512:A2B4D6A4DB6E134EFFCD2D294C4DFBA27DF8735FBC25FCA367F244A85E64B375AEAA93212D2A69A6989266086AE84EAFE5FFE714581ECB1493AF2959F73063A0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:cryptography-43.0.3.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..cryptography-43.0.3.dist-info/METADATA,sha256=6zbg5CUehHnvNpZEQHVe8ivt1BG6h6k_cm-o5bsOZLA,5440..cryptography-43.0.3.dist-info/RECORD,,..cryptography-43.0.3.dist-info/WHEEL,sha256=8_4EnrLvbhzH224YH8WypoB7HFn-vpbwr_zHlr3XUBI,94..cryptography-43.0.3.dist-info/license_files/LICENSE,sha256=Pgx8CRqUi4JTO6mP18u0BDLW8amsv4X1ki0vmak65rs,197..cryptography-43.0.3.dist-info/license_files/LICENSE.APACHE,sha256=qsc7MUj20dcRHbyjIJn2jSbGRMaBOuHk8F9leaomY_4,11360..cryptography-43.0.3.dist-info/license_files/LICENSE.BSD,sha256=YCxMdILeZHndLpeTzaJ15eY9dz2s0eymiSMqtwCPtPs,1532..cryptography/__about__.py,sha256=-FkHKD9mSuEfH37wsSKnQzJZmL5zUAUTpB5OeUQjPE0,445..cryptography/__init__.py,sha256=mthuUrTd4FROCpUYrTIqhjz6s6T9djAZrV7nZ1oMm2o,364..cryptography/__pycache__/__about__.cpython-312.pyc,,..cryptography/__pycache__/__init__.cpython-312.pyc,,..cryptography/__pycache__/exceptions.cpython-312.pyc,,..cryptography/__p

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography-43.0.3.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):94
                                                                                                                                                                                          Entropy (8bit):5.016084900984752
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeX5pGogP+tkKciH/KQb:RtvoTWKTQb
                                                                                                                                                                                          MD5:C869D30012A100ADEB75860F3810C8C9
                                                                                                                                                                                          SHA1:42FD5CFA75566E8A9525E087A2018E8666ED22CB
                                                                                                                                                                                          SHA-256:F3FE049EB2EF6E1CC7DB6E181FC5B2A6807B1C59FEBE96F0AFFCC796BDD75012
                                                                                                                                                                                          SHA-512:B29FEAF6587601BBE0EDAD3DF9A87BFC82BB2C13E91103699BABD7E039F05558C0AC1EF7D904BCFAF85D791B96BC26FA9E39988DD83A1CE8ECCA85029C5109F0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: maturin (1.7.0).Root-Is-Purelib: false.Tag: cp39-abi3-win_amd64.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography-43.0.3.dist-info\license_files\LICENSE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):197
                                                                                                                                                                                          Entropy (8bit):4.61968998873571
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreLRuOFEXAYeBKmJozlMHuO:h9Co8FyQjkDYc5tWreLBF/pn2mH1
                                                                                                                                                                                          MD5:8C3617DB4FB6FAE01F1D253AB91511E4
                                                                                                                                                                                          SHA1:E442040C26CD76D1B946822CAF29011A51F75D6D
                                                                                                                                                                                          SHA-256:3E0C7C091A948B82533BA98FD7CBB40432D6F1A9ACBF85F5922D2F99A93AE6BB
                                                                                                                                                                                          SHA-512:77A1919E380730BCCE5B55D76FBFFBA2F95874254FAD955BD2FE1DE7FC0E4E25B5FDAAB0FEFFD6F230FA5DC895F593CF8BFEDF8FDC113EFBD8E22FADAB0B8998
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to cryptography are made.under the terms of *both* these licenses..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography-43.0.3.dist-info\license_files\LICENSE.APACHE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):11360
                                                                                                                                                                                          Entropy (8bit):4.426756947907149
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:nUDG5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEnQHbHR:UIvlKM1zJlFvmNz5VrlkTS0QHt
                                                                                                                                                                                          MD5:4E168CCE331E5C827D4C2B68A6200E1B
                                                                                                                                                                                          SHA1:DE33EAD2BEE64352544CE0AA9E410C0C44FDF7D9
                                                                                                                                                                                          SHA-256:AAC73B3148F6D1D7111DBCA32099F68D26C644C6813AE1E4F05F6579AA2663FE
                                                                                                                                                                                          SHA-512:F451048E81A49FBFA11B49DE16FF46C52A8E3042D1BCC3A50AAF7712B097BED9AE9AED9149C21476C2A1E12F1583D4810A6D36569E993FE1AD3879942E5B0D52
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:. Apache License. Version 2.0, January 2004. https://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial ow

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography-43.0.3.dist-info\license_files\LICENSE.BSD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1532
                                                                                                                                                                                          Entropy (8bit):5.058591167088024
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:MjUnoorbOFFTJJyRrYFTjzMbmqEvBTP4m96432s4EOkUTKQROJ32s3yxsITf+3tY:MkOFJSrYJsaN5P406432svv32s3EsIqm
                                                                                                                                                                                          MD5:5AE30BA4123BC4F2FA49AA0B0DCE887B
                                                                                                                                                                                          SHA1:EA5B412C09F3B29BA1D81A61B878C5C16FFE69D8
                                                                                                                                                                                          SHA-256:602C4C7482DE6479DD2E9793CDA275E5E63D773DACD1ECA689232AB7008FB4FB
                                                                                                                                                                                          SHA-512:DDBB20C80ADBC8F4118C10D3E116A5CD6536F72077C5916D87258E155BE561B89EB45C6341A1E856EC308B49A4CB4DBA1408EABD6A781FBE18D6C71C32B72C41
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Copyright (c) Individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution... 3. Neither the name of PyCA Cryptography nor the names of its contributors. may be used to endorse or promote products derived from this software. without specific prior written permission...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOS

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\cryptography\hazmat\bindings\_rust.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2229248
                                                                                                                                                                                          Entropy (8bit):7.999624402050615
                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                          SSDEEP:49152:qbSlg7EtPbwG7Qtugc58UQG/0ym73KDYo/6cUWnyO:+SCkwG7Gub8URsF6YoPUE
                                                                                                                                                                                          MD5:308328BCA82BE8A73422314F9B706EA9
                                                                                                                                                                                          SHA1:A6AFCF77AED56D4F22250E4E74DAB23AA0F91B35
                                                                                                                                                                                          SHA-256:68F78996E7C12E631E1E62C75D4A323D6C24D0AB94D3D272BEEA5719FB55888D
                                                                                                                                                                                          SHA-512:9BE96651B2DCE3C7E601E248D8707037BD0914116AF8FBD8399A30057273BEB77DCCCBEB5376C721B9201653E79F2F0063DA08F9546B8063C183EEC596B123DF
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......r.b.6...6...6...?..$...&9..4...&9..2...&9..>...&9..'...}...8...Y<..5...6...2...~8..I...6.......~8..7...~8..7...Rich6...........PE..d......g.........." ...)..".......V.0wx...V...................................x...........`...........................................x.......x.............. s...............x.$...........................H.x.(.....x.@...........................................UPX0......V.............................UPX1......"...V...!.................@...UPX2..........x.......!.............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\libcrypto-3.dll

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1629464
                                                                                                                                                                                          Entropy (8bit):7.952620213372374
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:49152:iMyDwbv70aKbP1zkLO5YHLA1CPwDvt3uFlDCZ:Gwbv77KbPaqYHLA1CPwDvt3uFlDCZ
                                                                                                                                                                                          MD5:5A3C63ACDC6CE220B8E104DEA93CBA90
                                                                                                                                                                                          SHA1:17A4282C1E359ED9726AD99202CB85833F07E714
                                                                                                                                                                                          SHA-256:539A6496305304D8C8FC8C3219F6F84E4D4467767EEDA9A3B8A66CEDA01A2880
                                                                                                                                                                                          SHA-512:2E050F79E844EA4ED27E607405242ADEDD9243102A27E026D1AFE6E108018C4AA20B10EB093AD96E60CC95EAF8B86B8BFC9B4364020E88E4483FA1E5FBD1C389
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......./',.kFB.kFB.kFB.b>..yFB..:C.iFB..:G.gFB..:F.cFB..:A.oFB.kFC..FB. >C.`FB.;A.KFB.;F..EB.;B.jFB.;..jFB.;@.jFB.RichkFB.........................PE..d...x..e.........." ...#. .......`9.0{O..p9.................................. R...........`......................................... .O......O.h.....O.......K.\.............R.......................................O.@...........................................UPX0.....`9.............................UPX1..... ...p9.....................@....rsrc.........O.....................@..............................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\libffi-8.dll

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):29968
                                                                                                                                                                                          Entropy (8bit):7.67776426213941
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:1p/6aepjG56w24Up3p45YiSyvkIPxWEqG:fA154spK7SytPxF
                                                                                                                                                                                          MD5:66D7E2C5F4AA3E910DC357780ECF21F8
                                                                                                                                                                                          SHA1:EA658DF800A048EE8C4549B8937C13A0952A3DF5
                                                                                                                                                                                          SHA-256:3912D541C4EEA9029EE29D4DB6C0CA5F70196F93D50E57236508F531BC1A834C
                                                                                                                                                                                          SHA-512:7D0BC6EF3EBD8A36264D7575143101212A8A3DD216054BACF4F922CD23D05936B9BB6BEC1F2466142D83774C19D0ED5DA808887F912D86F51E73225D7A130DAE
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........iV...8...8...8..p....8.t9...8.p9...8...9...8.t=...8.t<...8.t;...8.1t<...8.1t;...8.1t8...8.1t:...8.Rich..8.........................PE..d...Sh.c.........." ...".@................................................................`.....................................................................P.......................................................@...........................................UPX0....................................UPX1.....@.......<..................@...UPX2.................@..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\libssl-3.dll

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):229144
                                                                                                                                                                                          Entropy (8bit):7.9300366936484465
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3072:gFfmvsqWLSCMT+MyN6Qp2oZqpN+/fvrqknqbf6CjaBGkfPkZAK1ck2kBVfLwOmFd:gFevsT9JN+vyH1nqLr3CPrYBBRcd
                                                                                                                                                                                          MD5:6E9C94A0BDCE8396496A3C963FA08711
                                                                                                                                                                                          SHA1:F0C28AED37FB319450F3826433F4B88661DB0BA6
                                                                                                                                                                                          SHA-256:8630601F8B8C63581FBCECAE35273FC2E3BA45361F33AAFC6AF739CE5442A547
                                                                                                                                                                                          SHA-512:53D3CB9935C4278ABF815B385A4556B771B8AED11C65B7E5F49AADEB53161931ECF7BE93FC3271985896BE2653AEA73FA8C09AF4B7BD170AC717C151683A1B08
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........T..T..T..].3.Z....V......V....X....\....P....W..T..I....e....U.._.U....U..RichT..........PE..d......e.........." ...#.....P...p...r....................................................`............................................,C......8............ ..pM...................................................~..@...........................................UPX0.....p..............................UPX1................................@....rsrc....P.......L..................@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\pyexpat.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):90392
                                                                                                                                                                                          Entropy (8bit):7.905790533903752
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:1536:fFvj0VRbbCImt6eN962HiwRHni5uQfp0hhp/EnonIGLhri07SyVBxF:FIR6l82HLx40hhxIGLhrZZ
                                                                                                                                                                                          MD5:406D4152D167A2793DD51745FF30242D
                                                                                                                                                                                          SHA1:2770A101C9FD77D9DC539FCE6FB1BFC24399F035
                                                                                                                                                                                          SHA-256:384CB9A64F419376E37BD2CD7D62A3FD9DEA122AA5E2CB6E67A232D0A287433E
                                                                                                                                                                                          SHA-512:7639F6BBB8DD881BB5B99CD1FEB9069176E6AC1076E3884D4DC598D8FD0F8E5F2A07BF8C830D340BB175270D3C9FF58133A9E649F1F91335243EB235108220A1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........................g.................................h.......................h.......h.......h.......h.......Rich....................PE..d...Z..e.........." ...#. ..........P!.......................................@............`..........................................<..P....9.......0.......................<......................................P-..@...........................................UPX0....................................UPX1..... ....... ..................@....rsrc........0.......$..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\python3.dll

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):68376
                                                                                                                                                                                          Entropy (8bit):6.14883904573939
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:3V1EbYGVXq6KC/prVHBN0cW18itCQDFPnOMFn+gikF/nFX14uewjBcCCC0yamM/J:3DmF61JFn+/OipIGL0m7Sy0xG
                                                                                                                                                                                          MD5:77896345D4E1C406EEFF011F7A920873
                                                                                                                                                                                          SHA1:EE8CDD531418CFD05C1A6792382D895AC347216F
                                                                                                                                                                                          SHA-256:1E9224BA7190B6301EF47BEFA8E383D0C55700255D04A36F7DAC88EA9573F2FB
                                                                                                                                                                                          SHA-512:3E98B1B605D70244B42A13A219F9E124944DA199A88AD4302308C801685B0C45A037A76DED319D08DBF55639591404665BEFE2091F0F4206A9472FEE58D55C22
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........C..."e.."e.."e.0_m.."e.0_e.."e.0_..."e.0_g.."e.Rich."e.................PE..d...@..e.........." ...#............................................................q.....`.........................................`...H................................/..............T............................................................................rdata..............................@..@.rsrc...............................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\python312.dll

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1826072
                                                                                                                                                                                          Entropy (8bit):7.993990404156154
                                                                                                                                                                                          Encrypted:true
                                                                                                                                                                                          SSDEEP:49152:pTBxkJIkNEakpCPK1JQyHi3p70PHY6/g7:PeFNlUsK1ij31WYUW
                                                                                                                                                                                          MD5:A7BF4310CEA55C20568B6AF1D00E49D4
                                                                                                                                                                                          SHA1:1AC601543CAD3676496F9825EE1ED2D76580DDB5
                                                                                                                                                                                          SHA-256:008DA498AE18A93B2423E1F8823B199CA49A81BB42932D5D6C73C8B29FEC2896
                                                                                                                                                                                          SHA-512:859F6E4DC1B823455E5125529CA9694C8346FEA5D479B620CF13F9E834506DBEF8CED29F11B623395CD7A1D3D3C329D8E1AF10240D78943045D0DA4B305CCEE3
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................m.................x...s...x......x......x......Rich............PE..d...=..e.........." ...#.........@Q...l..PQ...................................m...........`.........................................H/l......)l...... l......``..V............l. ...........................0.l.(...p.l.@...........................................UPX0.....@Q.............................UPX1.........PQ.....................@....rsrc........ l.....................@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\select.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):26392
                                                                                                                                                                                          Entropy (8bit):7.448154728523066
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:768:cnyukFaypXM5IGQGNf5YiSyvTcAMxkEMrX:cnGAaM5IGQGNR7Syb6xuX
                                                                                                                                                                                          MD5:6C46842787FC019A0D69306E2B8E47EC
                                                                                                                                                                                          SHA1:9E15D2222689F94A378AC2E4204A2604CF489BCD
                                                                                                                                                                                          SHA-256:11EA4521E8ADF7059EBEEDB591A55F27315E7482B1C8C88143158E4FA3761546
                                                                                                                                                                                          SHA-512:AB895B27C11D2A55995696528121DB88F6C2B377DB56E22C453D869DD78EF0A6D14DB8281A9568653E7789E99D104C67B4C2A071BEFC8CA1AD2D609DD37CDD06
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........t.q|'.q|'.q|'...'.q|'q.}&.q|'q.y&.q|'q.x&.q|'q..&.q|'..}&.q|'.q}'.q|'..}&.q|'..q&.q|'..|&.q|'...'.q|'..~&.q|'Rich.q|'........PE..d...Z..e.........." ...#.0................................................................`......................................... ...L....................`..............l..........................................@...........................................UPX0....................................UPX1.....0.......(..................@....rsrc................,..............@..............................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\autocommand-2.2.2.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\autocommand-2.2.2.dist-info\LICENSE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):7634
                                                                                                                                                                                          Entropy (8bit):4.503638339817033
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:qnJvhVL0qhYqlpIle4RrJQSqOBng4kS/cKM6b:4vjxhYWpce48engvK
                                                                                                                                                                                          MD5:8466CFC6533376D42EFA6F7423F2B8E8
                                                                                                                                                                                          SHA1:2BC8926FDBB07DB2AF0A8E3FF7A3BE545C8BDF6B
                                                                                                                                                                                          SHA-256:ADE78D04982D69972D444A8E14A94F87A2334DD3855CC80348EA8E240AA0DF2D
                                                                                                                                                                                          SHA-512:CC45DC470E107E63659B502F77E9EF44335F9427BE87639252D85181A8DEA65FA9D1B5F1BD196F782186BC61B144467888199537806A8CC15E2B462CAC0D46A5
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:GNU LESSER GENERAL PUBLIC LICENSE. Version 3, 29 June 2007.. Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>. Everyone is permitted to copy and distribute verbatim copies. of this license document, but changing it is not allowed.... This version of the GNU Lesser General Public License incorporates.the terms and conditions of version 3 of the GNU General Public.License, supplemented by the additional permissions listed below... 0. Additional Definitions... As used herein, "this License" refers to version 3 of the GNU Lesser.General Public License, and the "GNU GPL" refers to version 3 of the GNU.General Public License... "The Library" refers to a covered work governed by this License,.other than an Application or a Combined Work as defined below... An "Application" is any work that makes use of an interface provided.by the Library, but which is not otherwise based on the Library..Defining a subclass of a class defined by the Library is de

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\autocommand-2.2.2.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:Python script, ASCII text executable, with very long lines (855)
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):15006
                                                                                                                                                                                          Entropy (8bit):4.800156894367144
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:S037UxjwUbQd1Ak++k59jg8dXRNInXF2IOxcme+kQBd9Clb:d37U1LbQd1Z+3e8dhwXFacb+kQjQb
                                                                                                                                                                                          MD5:542BA4FBC993C39A0BC952BE72E8717F
                                                                                                                                                                                          SHA1:4310DB58F98C12B23286E5FA37F0E27ABEFB6A4A
                                                                                                                                                                                          SHA-256:3800D9B91DCEEA2065A6ED6279383362E97AC38B8E56B9343F404EE531860099
                                                                                                                                                                                          SHA-512:E3672EA056E5F2EFD3685C98DC0CF47E9A44F5A84DC457FC8AB31CD6DE09559C6E566D2D00F5B3CE55511E81A050DBB0DED6CF941916A6FF1019392FD96E1636
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: autocommand.Version: 2.2.2.Summary: A library to create a command-line program from a function.Home-page: https://github.com/Lucretiel/autocommand.Author: Nathan West.License: LGPLv3.Project-URL: Homepage, https://github.com/Lucretiel/autocommand.Project-URL: Bug Tracker, https://github.com/Lucretiel/autocommand/issues.Platform: any.Classifier: Development Status :: 6 - Mature.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: GNU Lesser General Public License v3 (LGPLv3).Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Topic :: Software Development.Classifier: Topic :: Software Development :: Libraries.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Requires-Python: >=3.7.Description-Content-Type: text/markdown.License-File: LICENSE..[![PyPI version](https://badge.fury.io/py/autocommand.svg)](

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\autocommand-2.2.2.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1308
                                                                                                                                                                                          Entropy (8bit):5.721750099226425
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:kn/2zDcMvX4owkE+RlpGUttyvUMDtuH5p4D127cyOMT34:knuXNv4LkEMl0UWMF5p45AcuT34
                                                                                                                                                                                          MD5:52BF4937018B88B9D28ED98A76B5E2AC
                                                                                                                                                                                          SHA1:C8D5B732C154A2D4D501454647FAFEB356B93C4E
                                                                                                                                                                                          SHA-256:822BBA66B41526FA547186B80221F85DA50D652BEE5493DBFE5D14085112F0C3
                                                                                                                                                                                          SHA-512:30E4DEFE09FB8907166682F9A33E0F7CC0203B65113155BBEC6548A1EADF7250882AF295FF2551803703274F9F387E00439D95CBBCB63D2E04E371B94556B3EE
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:autocommand-2.2.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..autocommand-2.2.2.dist-info/LICENSE,sha256=reeNBJgtaZctREqOFKlPh6IzTdOFXMgDSOqOJAqg3y0,7634..autocommand-2.2.2.dist-info/METADATA,sha256=OADZuR3O6iBlpu1ieTgzYul6w4uOVrk0P0BO5TGGAJk,15006..autocommand-2.2.2.dist-info/RECORD,,..autocommand-2.2.2.dist-info/WHEEL,sha256=2wepM1nk4DS4eFpYrW1TTqPcoGNfHhhO_i5m4cOimbo,92..autocommand-2.2.2.dist-info/top_level.txt,sha256=AzfhgKKS8EdAwWUTSF8mgeVQbXOY9kokHB6kSqwwqu0,12..autocommand/__init__.py,sha256=zko5Rnvolvb-UXjCx_2ArPTGBWwUK5QY4LIQIKYR7As,1037..autocommand/__pycache__/__init__.cpython-312.pyc,,..autocommand/__pycache__/autoasync.cpython-312.pyc,,..autocommand/__pycache__/autocommand.cpython-312.pyc,,..autocommand/__pycache__/automain.cpython-312.pyc,,..autocommand/__pycache__/autoparse.cpython-312.pyc,,..autocommand/__pycache__/errors.cpython-312.pyc,,..autocommand/autoasync.py,sha256=AMdyrxNS4pqWJfP_xuoOcImOHWD-qT7x06wmKN1Vp-U,5680..autocommand/autoco

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\autocommand-2.2.2.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):92
                                                                                                                                                                                          Entropy (8bit):4.842566724466667
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeX7MWcSlViJR4KgP+tPCCfA5S:RtBMwlVifAWBBf
                                                                                                                                                                                          MD5:88F09A0EC874FD86ABCB9BC4E265B874
                                                                                                                                                                                          SHA1:786AB44FFD2F5C632B4DC5C1BF4AA2E91E579A05
                                                                                                                                                                                          SHA-256:DB07A93359E4E034B8785A58AD6D534EA3DCA0635F1E184EFE2E66E1C3A299BA
                                                                                                                                                                                          SHA-512:7FFEF1EC782D590D2879294C2895A5A8064ECD5FE7243CF602FCCE66A8A715F64436F17CE96070B613123847EE0C18AB0AA5BC87DB13E98A792DC07DD95E4BAB
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.38.4).Root-Is-Purelib: true.Tag: py3-none-any..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\autocommand-2.2.2.dist-info\top_level.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):12
                                                                                                                                                                                          Entropy (8bit):3.084962500721156
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:5EEln:aM
                                                                                                                                                                                          MD5:C3FBD7931840D987F261BEBA8C77C4D2
                                                                                                                                                                                          SHA1:F7EE740BCB5C39966173CC377817A157D55844F7
                                                                                                                                                                                          SHA-256:0337E180A292F04740C16513485F2681E5506D7398F64A241C1EA44AAC30AAED
                                                                                                                                                                                          SHA-512:E1FA2DE0EE416AE68C57A0173C82D42A8F24DDD1E5143A1B76A3743B5EC3DDF11FB3950F27469D3D8FCAC4958CE267A7321D2F888671EDD7C2E95D0F3F8F7455
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:autocommand.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\backports.tarfile-1.2.0.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\backports.tarfile-1.2.0.dist-info\LICENSE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1023
                                                                                                                                                                                          Entropy (8bit):5.059832621894572
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:OrmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:OaJ8YHvEH5QHOs5exm3oEFJ
                                                                                                                                                                                          MD5:141643E11C48898150DAA83802DBC65F
                                                                                                                                                                                          SHA1:0445ED0F69910EEAEE036F09A39A13C6E1F37E12
                                                                                                                                                                                          SHA-256:86DA0F01AEAE46348A3C3D465195DC1CECCDE79F79E87769A64B8DA04B2A4741
                                                                                                                                                                                          SHA-512:EF62311602B466397BAF0B23CACA66114F8838F9E78E1B067787CEB709D09E0530E85A47BBCD4C5A0905B74FDB30DF0CC640910C6CC2E67886E5B18794A3583F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\backports.tarfile-1.2.0.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2020
                                                                                                                                                                                          Entropy (8bit):5.0469065437932175
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:DfdqaaC3P1xe9okGw1w8wQwywbM0kvsJib0ts++kv0gMzvy0htC+heU01:DfdqaaC/12G2bHZokO+/36
                                                                                                                                                                                          MD5:18B352E2051962B9F65C33BC651426BF
                                                                                                                                                                                          SHA1:3DD8D93CF7695D1C9D7574751AB5B0DEE5DD7F9A
                                                                                                                                                                                          SHA-256:8215C54EAD77D9DC5A108A25C6BDC72B5999AA6F62C9499A440359412AFA5A51
                                                                                                                                                                                          SHA-512:D966BC2899079C0D9AC763C96EA59A550E00A54BDCEEB6D96B0A8CAA9F6A1C408E7E3946915432978EDE9EDF669EEC68035A55B094B69671A28428458760D99E
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: backports.tarfile.Version: 1.2.0.Summary: Backport of CPython tarfile module.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Homepage, https://github.com/jaraco/backports.tarfile.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Provides-Extra: docs.Requires-Dist: sphinx >=3.5 ; extra == 'docs'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'docs'.Requires-Dist: rst.linker >=1.9 ; extra == 'docs'.Requires-Dist: furo ; extra == 'docs'.Requires-Dist: sphinx-lint ; extra == 'docs'.Provides-Extra: testing.Requires-Dist: pytest !=8.1.*,>=6 ; extra == 'testing'.Requires-Dist: pytest-checkdocs >=2.4 ; extra == 'testing'.Requires-Dist: pytest-cov ; extra == 'testing

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\backports.tarfile-1.2.0.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1360
                                                                                                                                                                                          Entropy (8bit):5.753738299642538
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:U6rn/2zDJ6rvbqfuG6rJnB6rU6rEsJYB6rXamx6rlCHmTKjaQliwxJlp5DQljQls:NnuXIzUurJwN5JjfAlqYK9liSlp5DQlP
                                                                                                                                                                                          MD5:CF347AE8E31132435B127226F358F8CD
                                                                                                                                                                                          SHA1:2C857B300638FF291651234BBB2C077BEEF494E4
                                                                                                                                                                                          SHA-256:258A1F1C849E1175069A55A5D6CE357AFDD04E34CD5DE27093E4ACEC7A9D2CE1
                                                                                                                                                                                          SHA-512:2A46C7FDFA2F9883BB1D761646B33BE9CE7B07280A5BF38992C1C84AB0449944EB0CAF34620CCC82DDBBC193F0D54AE67797D97863F70CA0C24EE55A3B401F9C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:backports.tarfile-1.2.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..backports.tarfile-1.2.0.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..backports.tarfile-1.2.0.dist-info/METADATA,sha256=ghXFTq132dxaEIolxr3HK1mZqm9iyUmaRANZQSr6WlE,2020..backports.tarfile-1.2.0.dist-info/RECORD,,..backports.tarfile-1.2.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..backports.tarfile-1.2.0.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..backports.tarfile-1.2.0.dist-info/top_level.txt,sha256=cGjaLMOoBR1FK0ApojtzWVmViTtJ7JGIK_HwXiEsvtU,10..backports/__init__.py,sha256=iOEMwnlORWezdO8-2vxBIPSR37D7JGjluZ8f55vzxls,81..backports/__pycache__/__init__.cpython-312.pyc,,..backports/tarfile/__init__.py,sha256=Pwf2qUIfB0SolJPCKcx3vz3UEu_aids4g4sAfxy94qg,108491..backports/tarfile/__main__.py,sha256=Yw2oGT1afrz2eBskzdPYL8ReB_3liApmhFkN2EbDmc4,59..backports/tarfile/__pycache__/__init__.cpython-312.pyc,,..back

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\backports.tarfile-1.2.0.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):92
                                                                                                                                                                                          Entropy (8bit):4.812622295095324
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
                                                                                                                                                                                          MD5:43136DDE7DD276932F6197BB6D676EF4
                                                                                                                                                                                          SHA1:6B13C105452C519EA0B65AC1A975BD5E19C50122
                                                                                                                                                                                          SHA-256:189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
                                                                                                                                                                                          SHA-512:E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\backports.tarfile-1.2.0.dist-info\top_level.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10
                                                                                                                                                                                          Entropy (8bit):3.321928094887362
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:21v:ev
                                                                                                                                                                                          MD5:9BA458821AD258B6EF62B47E91302982
                                                                                                                                                                                          SHA1:9EDB9E6BA5C4001CE2FCCF328739292404EA9604
                                                                                                                                                                                          SHA-256:7068DA2CC3A8051D452B4029A23B73595995893B49EC91882BF1F05E212CBED5
                                                                                                                                                                                          SHA-512:3A296E5DADD5B406330BA088BFED33BE6960F8FF42DB6651E185FF14F2272FC819EF520D1A15BC40DA4E20B9CA0E5D79170EDF33F3D50937C7FBEDB338CAC730
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:backports.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\LICENSE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):11358
                                                                                                                                                                                          Entropy (8bit):4.4267168336581415
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:U9vlKM1zJlFvmNz5VrlkTS07Ht
                                                                                                                                                                                          MD5:3B83EF96387F14655FC854DDC3C6BD57
                                                                                                                                                                                          SHA1:2B8B815229AA8A61E483FB4BA0588B8B6C491890
                                                                                                                                                                                          SHA-256:CFC7749B96F63BD31C3C42B5C471BF756814053E847C10F3EB003417BC523D30
                                                                                                                                                                                          SHA-512:98F6B79B778F7B0A15415BD750C3A8A097D650511CB4EC8115188E115C47053FE700F578895C097051C9BC3DFB6197C2B13A15DE203273E1A3218884F86E90E8
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4648
                                                                                                                                                                                          Entropy (8bit):5.006900644756252
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:Dx2ZSaCSmS8R902Vpnu386eLQ9Ac+fFZpDN00x2jZ2SBXZJSwTE:9Smzf02Vpnu386mQ9B+TP0vJHJSwTE
                                                                                                                                                                                          MD5:98ABEAACC0E0E4FC385DFF67B607071A
                                                                                                                                                                                          SHA1:E8C830D8B0942300C7C87B3B8FD15EA1396E07BD
                                                                                                                                                                                          SHA-256:6A7B90EFFEE1E09D5B484CDF7232016A43E2D9CC9543BCBB8E494B1EC05E1F59
                                                                                                                                                                                          SHA-512:F1D59046FFA5B0083A5259CEB03219CCDB8CC6AAC6247250CBD83E70F080784391FCC303F7630E1AD40E5CCF5041A57CB9B68ADEFEC1EBC6C31FCF7FFC65E9B7
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: importlib_metadata.Version: 8.0.0.Summary: Read metadata from Python packages.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Source, https://github.com/python/importlib_metadata.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: zipp >=0.5.Requires-Dist: typing-extensions >=3.6.4 ; python_version < "3.8".Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'doc'.Provides-Extra: perf.Requires-D

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2518
                                                                                                                                                                                          Entropy (8bit):5.6307766747793275
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:UnuXTg06U5J/Vw9l/gfNX7/XzBk9pvJq/fwJOfYrBfnJ/V0XJnzN/3WJV:bXzP/EgdzzBkDJsoIYrBfJ/CXNz9qV
                                                                                                                                                                                          MD5:EB513CAFA5226DDA7D54AFDCC9AD8A74
                                                                                                                                                                                          SHA1:B394C7AEC158350BAF676AE3197BEF4D7158B31C
                                                                                                                                                                                          SHA-256:0D8D3C6EEB9EBBE86CAC7D60861552433C329DA9EA51248B61D02BE2E5E64030
                                                                                                                                                                                          SHA-512:A0017CFAFF47FDA6067E3C31775FACEE4728C3220C2D4BD70DEF328BD20AA71A343E39DA15CD6B406F62311894C518DFCF5C8A4AE6F853946F26A4B4E767924E
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:importlib_metadata-8.0.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..importlib_metadata-8.0.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358..importlib_metadata-8.0.0.dist-info/METADATA,sha256=anuQ7_7h4J1bSEzfcjIBakPi2cyVQ7y7jklLHsBeH1k,4648..importlib_metadata-8.0.0.dist-info/RECORD,,..importlib_metadata-8.0.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..importlib_metadata-8.0.0.dist-info/WHEEL,sha256=mguMlWGMX-VHnMpKOjjQidIo1ssRlCFu4a4mBpz1s2M,91..importlib_metadata-8.0.0.dist-info/top_level.txt,sha256=CO3fD9yylANiXkrMo4qHLV_mqXL2sC5JFKgt1yWAT-A,19..importlib_metadata/__init__.py,sha256=tZNB-23h8Bixi9uCrQqj9Yf0aeC--Josdy3IZRIQeB0,33798..importlib_metadata/__pycache__/__init__.cpython-312.pyc,,..importlib_metadata/__pycache__/_adapters.cpython-312.pyc,,..importlib_metadata/__pycache__/_collections.cpython-312.pyc,,..importlib_metadata/__pycache__/_compat.cpython-312.pyc,,..importlib_metadata/__pycac

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):91
                                                                                                                                                                                          Entropy (8bit):4.687870576189661
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeXMRYFAVLMvhRRP+tPCCfA5S:RtC1VLMvhjWBBf
                                                                                                                                                                                          MD5:7D09837492494019EA51F4E97823D79F
                                                                                                                                                                                          SHA1:7829B4324BB542799494131A270EC3BDAD4DEDEF
                                                                                                                                                                                          SHA-256:9A0B8C95618C5FE5479CCA4A3A38D089D228D6CB1194216EE1AE26069CF5B363
                                                                                                                                                                                          SHA-512:A0063220ECDD22C3E735ACFF6DE559ACF3AC4C37B81D37633975A22A28B026F1935CD1957C0FF7D2ECC8B7F83F250310795EECC5273B893FFAB115098F7B9C38
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: setuptools (70.1.1).Root-Is-Purelib: true.Tag: py3-none-any..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_metadata-8.0.0.dist-info\top_level.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):19
                                                                                                                                                                                          Entropy (8bit):3.536886723742169
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:JSej0EBERG:50o4G
                                                                                                                                                                                          MD5:A24465F7850BA59507BF86D89165525C
                                                                                                                                                                                          SHA1:4E61F9264DE74783B5924249BCFE1B06F178B9AD
                                                                                                                                                                                          SHA-256:08EDDF0FDCB29403625E4ACCA38A872D5FE6A972F6B02E4914A82DD725804FE0
                                                                                                                                                                                          SHA-512:ECF1F6B777970F5257BDDD353305447083008CEBD8E5A27C3D1DA9C7BDC3F9BF3ABD6881265906D6D5E11992653185C04A522F4DB5655FF75EEDB766F93D5D48
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:importlib_metadata.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_resources-6.4.0.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_resources-6.4.0.dist-info\LICENSE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):11358
                                                                                                                                                                                          Entropy (8bit):4.4267168336581415
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLh3kTSEn7HbHR:U9vlKM1zJlFvmNz5VrlkTS07Ht
                                                                                                                                                                                          MD5:3B83EF96387F14655FC854DDC3C6BD57
                                                                                                                                                                                          SHA1:2B8B815229AA8A61E483FB4BA0588B8B6C491890
                                                                                                                                                                                          SHA-256:CFC7749B96F63BD31C3C42B5C471BF756814053E847C10F3EB003417BC523D30
                                                                                                                                                                                          SHA-512:98F6B79B778F7B0A15415BD750C3A8A097D650511CB4EC8115188E115C47053FE700F578895C097051C9BC3DFB6197C2B13A15DE203273E1A3218884F86E90E8
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_resources-6.4.0.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):3944
                                                                                                                                                                                          Entropy (8bit):5.015824473130961
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:DHxQuiTaCP1nTGDbHRbnzQWHaiQq+fT5lWp8sSwTW:2PP9GDbHRbnp+rapPSwTW
                                                                                                                                                                                          MD5:C3EB48CD13B50DDED7CD524E1E9DD4CE
                                                                                                                                                                                          SHA1:7C9B0B50D0E667825DAB09902AD8376A5F2945B6
                                                                                                                                                                                          SHA-256:83878CD8BB8BD0E89971454D0F4AB00C9529136F603AFB4EDC148F5D36CEF459
                                                                                                                                                                                          SHA-512:056EBC250B7E82F91B5C5E96B1293F24D5E917E06846A9716A4D05B47C30FEB3781E439C77876CF7D8620BEBAA4A253039CA8DF122283DE304992E340F4DE8BF
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: importlib_resources.Version: 6.4.0.Summary: Read resources from Python packages.Home-page: https://github.com/python/importlib_resources.Author: Barry Warsaw.Author-email: barry@python.org.Project-URL: Documentation, https://importlib-resources.readthedocs.io/.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.License-File: LICENSE.Requires-Dist: zipp >=3.1.0 ; python_version < "3.10".Provides-Extra: docs.Requires-Dist: sphinx >=3.5 ; extra == 'docs'.Requires-Dist: sphinx <7.2.5 ; extra == 'docs'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'docs'.Requires-Dist: rst.linker >=1.9 ; extra == 'docs'.Requires-Dist: furo ; extra == 'docs'.Requires-Dist: sphinx-lint ; extra == 'docs'.Requires-Dist: jaraco.tidelift >=1.4 ; ext

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_resources-6.4.0.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):7620
                                                                                                                                                                                          Entropy (8bit):5.560551717923108
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:lX7qdX7ZgsP7JtILSVAn5V26+XuVYmBXx:lX7wX7ZBP7ELSVAni6+iBh
                                                                                                                                                                                          MD5:67F5E26385B6BDCF2236A005A2D2BA32
                                                                                                                                                                                          SHA1:3DCD8685638A90D121FD484138AFCAC9775E5D66
                                                                                                                                                                                          SHA-256:967DD56FEEA143F1D2C4E98AC1F937C055E61C9AA0425146D55F7AD7C82510FA
                                                                                                                                                                                          SHA-512:30B5812E930A00A476E570EBCC4611D54C911A8B1E4646949A887F551FC5ABDC933311A554B197C602F0DA7626DFE8877A3F267EFBC6D724E24A3E9B5FCC2E30
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:importlib_resources-6.4.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..importlib_resources-6.4.0.dist-info/LICENSE,sha256=z8d0m5b2O9McPEK1xHG_dWgUBT6EfBDz6wA0F7xSPTA,11358..importlib_resources-6.4.0.dist-info/METADATA,sha256=g4eM2LuL0OiZcUVND0qwDJUpE29gOvtO3BSPXTbO9Fk,3944..importlib_resources-6.4.0.dist-info/RECORD,,..importlib_resources-6.4.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..importlib_resources-6.4.0.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..importlib_resources-6.4.0.dist-info/top_level.txt,sha256=fHIjHU1GZwAjvcydpmUnUrTnbvdiWjG4OEVZK8by0TQ,20..importlib_resources/__init__.py,sha256=uyp1kzYR6SawQBsqlyaXXfIxJx4Z2mM8MjmZn8qq2Gk,505..importlib_resources/__pycache__/__init__.cpython-312.pyc,,..importlib_resources/__pycache__/_adapters.cpython-312.pyc,,..importlib_resources/__pycache__/_common.cpython-312.pyc,,..importlib_resources/__pycache__/_itertools.cpython-312.pyc,,..importlib_resource

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_resources-6.4.0.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):92
                                                                                                                                                                                          Entropy (8bit):4.812622295095324
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
                                                                                                                                                                                          MD5:43136DDE7DD276932F6197BB6D676EF4
                                                                                                                                                                                          SHA1:6B13C105452C519EA0B65AC1A975BD5E19C50122
                                                                                                                                                                                          SHA-256:189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
                                                                                                                                                                                          SHA-512:E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\importlib_resources-6.4.0.dist-info\top_level.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):20
                                                                                                                                                                                          Entropy (8bit):3.6841837197791887
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:JSe8AW6D:3fD
                                                                                                                                                                                          MD5:0613840F692BD9E064FEDD915DFD477A
                                                                                                                                                                                          SHA1:64DF38B36F541BA1714C15FCA1A9CA8C94EF2DAA
                                                                                                                                                                                          SHA-256:7C72231D4D46670023BDCC9DA6652752B4E76EF7625A31B83845592BC6F2D134
                                                                                                                                                                                          SHA-512:78AA888C24B3468C94FCB8EB882561D4B6F19A0537A4CFDDDFF94ED8A4BAFE8DF0C2B620E70B57A61E8BA3F877856DB9ADA548DFCA8CAE86D4C3C525A4E9B7EB
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:importlib_resources.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\inflect-7.3.1.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\inflect-7.3.1.dist-info\LICENSE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1023
                                                                                                                                                                                          Entropy (8bit):5.059832621894572
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:OrmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:OaJ8YHvEH5QHOs5exm3oEFJ
                                                                                                                                                                                          MD5:141643E11C48898150DAA83802DBC65F
                                                                                                                                                                                          SHA1:0445ED0F69910EEAEE036F09A39A13C6E1F37E12
                                                                                                                                                                                          SHA-256:86DA0F01AEAE46348A3C3D465195DC1CECCDE79F79E87769A64B8DA04B2A4741
                                                                                                                                                                                          SHA-512:EF62311602B466397BAF0B23CACA66114F8838F9E78E1B067787CEB709D09E0530E85A47BBCD4C5A0905B74FDB30DF0CC640910C6CC2E67886E5B18794A3583F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\inflect-7.3.1.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):21079
                                                                                                                                                                                          Entropy (8bit):5.103530371859935
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:12Vpnu38/2K9tjUaNtT/yTCtYTnWDdg3GaXb51KLVgWTVPeEGsuPrAESM:12Vpnu38JZtT/yIdg3D51KLV7RPeEGs+
                                                                                                                                                                                          MD5:1A287FAF08B125BC7C932AAD05E7DAEE
                                                                                                                                                                                          SHA1:C37042ADC0D1270485F4B8B5B9E085A274DC035B
                                                                                                                                                                                          SHA-256:66030D634580651B3E53CC19895D9231F8D22AA06B327817C8332CFC20303308
                                                                                                                                                                                          SHA-512:D0BB0AD27A17007DF7D3281FB2F46EFB048B69532D082AB1D431E0BA28E592D897687708B4EC972F4BC21EDA29DDDDC9EF44BB950DFC4FFB03EA75CDA4DE414C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: inflect.Version: 7.3.1.Summary: Correctly generate plurals, singular nouns, ordinals, indefinite articles.Author-email: Paul Dyson <pwdyson@yahoo.com>.Maintainer-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Source, https://github.com/jaraco/inflect.Keywords: plural,inflect,participle.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Natural Language :: English.Classifier: Operating System :: OS Independent.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Classifier: Topic :: Text Processing :: Linguistic.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: more-itertools >=8.5.0.Requires-Dist: typeguard >=4.0.1.Requires-Dist: typing-extensions ; python_version < "3.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\inflect-7.3.1.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):943
                                                                                                                                                                                          Entropy (8bit):5.828988691860191
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:IVn/2zDPvbqfuIpBntmuIcjlM+sVGXdbkDcnJopDvDK16bZWJV:unuXPzUuIpRtmuZjl9sVQgcnJo9bK16E
                                                                                                                                                                                          MD5:C837BB3258448B7FCC6B77559C7F17B6
                                                                                                                                                                                          SHA1:B15701449CD64A13756A70AD3704E26DB1FF416B
                                                                                                                                                                                          SHA-256:5D7834AC1BA2612C6801050FDE57A7B98B0F36ACF88C3C2D4F376FD8911B3091
                                                                                                                                                                                          SHA-512:2333CD86502C51607414390ECF43BD6D62E863D3DFB0501DAD3A8B45F5F4DFA81F910917183FC4F4A0DEEC82C8F8B3CF8D5B0A2C136DEB164226BABE68B74A33
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:inflect-7.3.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..inflect-7.3.1.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..inflect-7.3.1.dist-info/METADATA,sha256=ZgMNY0WAZRs-U8wZiV2SMfjSKqBrMngXyDMs_CAwMwg,21079..inflect-7.3.1.dist-info/RECORD,,..inflect-7.3.1.dist-info/WHEEL,sha256=y4mX-SOX4fYIkonsAGA5N0Oy-8_gI4FXw5HNI1xqvWg,91..inflect-7.3.1.dist-info/top_level.txt,sha256=m52ujdp10CqT6jh1XQxZT6kEntcnv-7Tl7UiGNTzWZA,8..inflect/__init__.py,sha256=Jxy1HJXZiZ85kHeLAhkmvz6EMTdFqBe-duvt34R6IOc,103796..inflect/__pycache__/__init__.cpython-312.pyc,,..inflect/compat/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..inflect/compat/__pycache__/__init__.cpython-312.pyc,,..inflect/compat/__pycache__/py38.cpython-312.pyc,,..inflect/compat/py38.py,sha256=oObVfVnWX9_OpnOuEJn1mFbJxVhwyR5epbiTNXDDaso,160..inflect/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\inflect-7.3.1.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):91
                                                                                                                                                                                          Entropy (8bit):4.7098485981676825
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeXMRYFAVLKSgP+tPCCfA5S:RtC1VLKZWBBf
                                                                                                                                                                                          MD5:EB46A94D39AC40E2EEA4A32729E0C8C3
                                                                                                                                                                                          SHA1:E42EF49A7098269E1934932ECC3174B40967982A
                                                                                                                                                                                          SHA-256:CB8997F92397E1F6089289EC0060393743B2FBCFE0238157C391CD235C6ABD68
                                                                                                                                                                                          SHA-512:D89F0DA16AA37AAFAC0DE56A3DFBD72DC3C9DCC53C8E455094E7230DB21ABF95ED76EAC1848A4156DB422B9C10BE136201D871DCCB73AD38192E5536E41DBDFE
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: setuptools (70.2.0).Root-Is-Purelib: true.Tag: py3-none-any..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\inflect-7.3.1.dist-info\top_level.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8
                                                                                                                                                                                          Entropy (8bit):3.0
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:KDpJ:K9J
                                                                                                                                                                                          MD5:4571281D24750CBE7638EFE250E342AB
                                                                                                                                                                                          SHA1:61E8A0AD5796F1CA67EAB0D8108A6402483D499B
                                                                                                                                                                                          SHA-256:9B9DAE8DDA75D02A93EA38755D0C594FA9049ED727BFEED397B52218D4F35990
                                                                                                                                                                                          SHA-512:E7807002E53CC228D6EFB307E928C6737796B29E31D25A342ED407F556FFBF540494FE92C27B5C31043D2D7FF427C78A29C4FF5595BC11BB643003026642254E
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:inflect.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.collections-5.1.0.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.collections-5.1.0.dist-info\LICENSE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1023
                                                                                                                                                                                          Entropy (8bit):5.059832621894572
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:OrmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:OaJ8YHvEH5QHOs5exm3oEFJ
                                                                                                                                                                                          MD5:141643E11C48898150DAA83802DBC65F
                                                                                                                                                                                          SHA1:0445ED0F69910EEAEE036F09A39A13C6E1F37E12
                                                                                                                                                                                          SHA-256:86DA0F01AEAE46348A3C3D465195DC1CECCDE79F79E87769A64B8DA04B2A4741
                                                                                                                                                                                          SHA-512:EF62311602B466397BAF0B23CACA66114F8838F9E78E1B067787CEB709D09E0530E85A47BBCD4C5A0905B74FDB30DF0CC640910C6CC2E67886E5B18794A3583F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.collections-5.1.0.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):3933
                                                                                                                                                                                          Entropy (8bit):4.993707893382395
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:D0duaC9zmnEh2S8xI0+4np+A+fbl7inVgQJSwT2:qq9KnEh2zxI0+4npn+zlmn+QJSwT2
                                                                                                                                                                                          MD5:C9BA49C9B82CEFCCAC79CB5B76BCB1EE
                                                                                                                                                                                          SHA1:AC0DB25AEFD2679B4C3265E713D00F6155A94465
                                                                                                                                                                                          SHA-256:20C51A96236C0395F53B1F4C5D458E6A0721E51E16C1BFF733B7ABA76F5D06D8
                                                                                                                                                                                          SHA-512:563C3BEC6FB8D137357130BADCB63A229A18A781B05E2F006F4A42AF7C9052D23D266908DA2E62FF283C9BA7BAA9B6CB6FB32A1999CB07F63471CA43003A34C0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: jaraco.collections.Version: 5.1.0.Summary: Collection objects similar to those in stdlib by jaraco.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Source, https://github.com/jaraco/jaraco.collections.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: jaraco.text.Provides-Extra: check.Requires-Dist: pytest-checkdocs >=2.4 ; extra == 'check'.Requires-Dist: pytest-ruff >=0.2.1 ; (sys_platform != "cygwin") and extra == 'check'.Provides-Extra: cover.Requires-Dist: pytest-cov ; extra == 'cover'.Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.collections-5.1.0.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):873
                                                                                                                                                                                          Entropy (8bit):5.770829319764291
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:T9bn/2zDabvbqfunb1AO5bGYbEsJvbp1blKzmKmJaaX9WJV:T9bnuXabzUunb1AgbBb5Jvbp1blscWJV
                                                                                                                                                                                          MD5:0463062305AC30E7F3D6AB12DA825D90
                                                                                                                                                                                          SHA1:AC83602461BF535C78EB4CCC13AB103C12110D57
                                                                                                                                                                                          SHA-256:1E9B62BD70E4A5FA26E9594CBB80860FFECA3DEBFEE8773DAEFA774CD259CA06
                                                                                                                                                                                          SHA-512:8F617D9A2DA41BDC8591D9EA9F2DBE79D7C5816BA7A94D4044AFF2A0504C9738E83FFCAA350CEF20764D430C261C9DC17DBB5E4ABB7AE54C3BE8715C8AD6BB71
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:jaraco.collections-5.1.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..jaraco.collections-5.1.0.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..jaraco.collections-5.1.0.dist-info/METADATA,sha256=IMUaliNsA5X1Ox9MXUWOagch5R4Wwb_3M7erp29dBtg,3933..jaraco.collections-5.1.0.dist-info/RECORD,,..jaraco.collections-5.1.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..jaraco.collections-5.1.0.dist-info/WHEEL,sha256=Mdi9PDNwEZptOjTlUcAth7XJDFtKrHYaQMPulZeBCiQ,91..jaraco.collections-5.1.0.dist-info/top_level.txt,sha256=0JnN3LfXH4LIRfXL-QFOGCJzQWZO3ELx4R1d_louoQM,7..jaraco/collections/__init__.py,sha256=Pc1-SqjWm81ad1P0-GttpkwO_LWlnaY6gUq8gcKh2v0,26640..jaraco/collections/__pycache__/__init__.cpython-312.pyc,,..jaraco/collections/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.collections-5.1.0.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):91
                                                                                                                                                                                          Entropy (8bit):4.696166043246402
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeXMRYFAWWHKRRP+tPCCfA5S:RtC1qjWBBf
                                                                                                                                                                                          MD5:6FBE8610D7E48CA32AE774804C4A0B19
                                                                                                                                                                                          SHA1:102D23C4ECB17ED83A6E43888B45FF2BBFE93E0B
                                                                                                                                                                                          SHA-256:31D8BD3C3370119A6D3A34E551C02D87B5C90C5B4AAC761A40C3EE9597810A24
                                                                                                                                                                                          SHA-512:78738099EC5B31FDEE5AE50F7840F17EFD526588835157CADF4249882462B1AF2E3BEDB77801A9FCB1D22A8FD41AA6A934B382F3E66309723D0E7F93C2F2868A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: setuptools (73.0.1).Root-Is-Purelib: true.Tag: py3-none-any..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.collections-5.1.0.dist-info\top_level.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):7
                                                                                                                                                                                          Entropy (8bit):2.5216406363433186
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:GEG0:GEG0
                                                                                                                                                                                          MD5:0BA8D736B7B4AB182687318B0497E61E
                                                                                                                                                                                          SHA1:311BA5FFD098689179F299EF20768EE1A29F586D
                                                                                                                                                                                          SHA-256:D099CDDCB7D71F82C845F5CBF9014E18227341664EDC42F1E11D5DFE5A2EA103
                                                                                                                                                                                          SHA-512:7CCCBB4AFA2FADE40D529482301BEAE152E0C71EE3CC41736EB19E35CFC5EE3B91EF958CF5CA6B7330333B8494FEB6682FD833D5AA16BF4A8F1F721FD859832C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:jaraco.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.context-5.3.0.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.context-5.3.0.dist-info\LICENSE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1023
                                                                                                                                                                                          Entropy (8bit):5.059832621894572
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:OrmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:OaJ8YHvEH5QHOs5exm3oEFJ
                                                                                                                                                                                          MD5:141643E11C48898150DAA83802DBC65F
                                                                                                                                                                                          SHA1:0445ED0F69910EEAEE036F09A39A13C6E1F37E12
                                                                                                                                                                                          SHA-256:86DA0F01AEAE46348A3C3D465195DC1CECCDE79F79E87769A64B8DA04B2A4741
                                                                                                                                                                                          SHA-512:EF62311602B466397BAF0B23CACA66114F8838F9E78E1B067787CEB709D09E0530E85A47BBCD4C5A0905B74FDB30DF0CC640910C6CC2E67886E5B18794A3583F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.context-5.3.0.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text, with very long lines (406)
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4020
                                                                                                                                                                                          Entropy (8bit):4.99859161164956
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:D6P4YaCP1gGRbHneRohWYc+f/PCnG9rulJQ84UNxCUSwTcL:kPqGRbHneRohWJ+XPaqylW/USwTcL
                                                                                                                                                                                          MD5:812F27A7C8C748351DC1643D58B6B250
                                                                                                                                                                                          SHA1:AC9C92013B2F0FC65D741B32A9FE4B956DD6EB7D
                                                                                                                                                                                          SHA-256:C43B60B897A3D2D37D8845C252FC44261D9AEF171E21154111A9012D2AFFFED6
                                                                                                                                                                                          SHA-512:CAC62C3682F808D85233B69F1C142B5A0E95E316E4BDCBC6EE253583EC302FA42E635BAB6A837327D8CE5D26C08C8DCD9E45D5CFDD8346B4501C473250D66953
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: jaraco.context.Version: 5.3.0.Summary: Useful decorators and context managers.Home-page: https://github.com/jaraco/jaraco.context.Author: Jason R. Coombs.Author-email: jaraco@jaraco.com.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.License-File: LICENSE.Requires-Dist: backports.tarfile ; python_version < "3.12".Provides-Extra: docs.Requires-Dist: sphinx >=3.5 ; extra == 'docs'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'docs'.Requires-Dist: rst.linker >=1.9 ; extra == 'docs'.Requires-Dist: furo ; extra == 'docs'.Requires-Dist: sphinx-lint ; extra == 'docs'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'docs'.Provides-Extra: testing.Requires-Dist: pytest !=8.1.1,>=6 ; extra == 'testing'.Requires-Dist: pytest-checkdocs >=2.4

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.context-5.3.0.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):641
                                                                                                                                                                                          Entropy (8bit):5.76835538630355
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12:TGA0a/2zDJAv/TnqfQlWJAL/fy9vKAGvAXCaaryBAl2VrkEQCXvbAT2r1S:TBn/2zDCvbqfuLO9FGoXamalKSCXzB1S
                                                                                                                                                                                          MD5:2B0A77624AE3903E42C3A8213E593796
                                                                                                                                                                                          SHA1:D63027FF018995D0620E2497BCE9678888A57667
                                                                                                                                                                                          SHA-256:55197B88A78443297BB2D827A75BAAE740B33896251D872835D4B4C75EC2F57E
                                                                                                                                                                                          SHA-512:C02FB1554F8F40158BB60F2B4EC07D80F71CFBFFB38463C5809385A7A2FF8DDB2BDFEFE9AE5E67F4DEC3D904A6E0925E565B0EE6363DD0C2ED5B03A96B056B18
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:jaraco.context-5.3.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..jaraco.context-5.3.0.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..jaraco.context-5.3.0.dist-info/METADATA,sha256=xDtguJej0tN9iEXCUvxEJh2a7xceIRVBEakBLSr__tY,4020..jaraco.context-5.3.0.dist-info/RECORD,,..jaraco.context-5.3.0.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..jaraco.context-5.3.0.dist-info/top_level.txt,sha256=0JnN3LfXH4LIRfXL-QFOGCJzQWZO3ELx4R1d_louoQM,7..jaraco/__pycache__/context.cpython-312.pyc,,..jaraco/context.py,sha256=REoLIxDkO5MfEYowt_WoupNCRoxBS5v7YX2PbW8lIcs,9552..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.context-5.3.0.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):92
                                                                                                                                                                                          Entropy (8bit):4.812622295095324
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
                                                                                                                                                                                          MD5:43136DDE7DD276932F6197BB6D676EF4
                                                                                                                                                                                          SHA1:6B13C105452C519EA0B65AC1A975BD5E19C50122
                                                                                                                                                                                          SHA-256:189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
                                                                                                                                                                                          SHA-512:E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.context-5.3.0.dist-info\top_level.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):7
                                                                                                                                                                                          Entropy (8bit):2.5216406363433186
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:GEG0:GEG0
                                                                                                                                                                                          MD5:0BA8D736B7B4AB182687318B0497E61E
                                                                                                                                                                                          SHA1:311BA5FFD098689179F299EF20768EE1A29F586D
                                                                                                                                                                                          SHA-256:D099CDDCB7D71F82C845F5CBF9014E18227341664EDC42F1E11D5DFE5A2EA103
                                                                                                                                                                                          SHA-512:7CCCBB4AFA2FADE40D529482301BEAE152E0C71EE3CC41736EB19E35CFC5EE3B91EF958CF5CA6B7330333B8494FEB6682FD833D5AA16BF4A8F1F721FD859832C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:jaraco.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\LICENSE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1023
                                                                                                                                                                                          Entropy (8bit):5.059832621894572
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:OrmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:OaJ8YHvEH5QHOs5exm3oEFJ
                                                                                                                                                                                          MD5:141643E11C48898150DAA83802DBC65F
                                                                                                                                                                                          SHA1:0445ED0F69910EEAEE036F09A39A13C6E1F37E12
                                                                                                                                                                                          SHA-256:86DA0F01AEAE46348A3C3D465195DC1CECCDE79F79E87769A64B8DA04B2A4741
                                                                                                                                                                                          SHA-512:EF62311602B466397BAF0B23CACA66114F8838F9E78E1B067787CEB709D09E0530E85A47BBCD4C5A0905B74FDB30DF0CC640910C6CC2E67886E5B18794A3583F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2891
                                                                                                                                                                                          Entropy (8bit):5.034580807599395
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:DEmbsaC3J1x9Ie9okNGwQw8wQw2wTw0zCPU0+I65Jib0H++kv0gM5d0DT+heU04u:DEmgaCZ1nTGDbHRAnzpI6o+fX5dFSwTm
                                                                                                                                                                                          MD5:C2E6BDA7F1B03B39BF42D31B6DBF6C38
                                                                                                                                                                                          SHA1:B7A18F079DE22D10C4C318E54BD8C48177F91333
                                                                                                                                                                                          SHA-256:8B86946900D7FA38DD1102B9C1EBE17A0CB1F09C8B7E29F61F2BDA4A4DC51ECA
                                                                                                                                                                                          SHA-512:F4E892B3D41482E3B17642B1D722B6E2A8E8DD4833F0623C29ED2D50D55CFC68DA1F9756B4E08723DC89F3E552424096C92912AC4DA533FE8E2DC59DC19EA9CF
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: jaraco.functools.Version: 4.0.1.Summary: Functools like those found in stdlib.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Homepage, https://github.com/jaraco/jaraco.functools.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: more-itertools.Provides-Extra: docs.Requires-Dist: sphinx >=3.5 ; extra == 'docs'.Requires-Dist: sphinx <7.2.5 ; extra == 'docs'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'docs'.Requires-Dist: rst.linker >=1.9 ; extra == 'docs'.Requires-Dist: furo ; extra == 'docs'.Requires-Dist: sphinx-lint ; extra == 'docs'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'docs'.Provides-Extra: testing.Requires-Dist: pytest >=6 ;

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):843
                                                                                                                                                                                          Entropy (8bit):5.807846597836061
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:Tmn/2zDRvbqfuggoaGnXamZlKZBX3vpBvt+c0X4yWJV:TmnuXRzUuggDifZlmX/aWJV
                                                                                                                                                                                          MD5:85FB54BAFB143CD57D1787F7EF74FDB2
                                                                                                                                                                                          SHA1:A915BBCDF108A58F3DFC1783D9D4DD3B7F3CE23A
                                                                                                                                                                                          SHA-256:632AA7C04F7C4BCC01C027AF5B9BC76FE8958F4A181035B957A3BD3014BA248B
                                                                                                                                                                                          SHA-512:2A39B4C6F221F88EC61D584C8CD3CAD358E8C7B50E529192105A0A4144ED3C2A4CE8B630C39C18D20E27FE226A23E2DE23CDFF8E3D3693959B165A9A2F9047CD
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:jaraco.functools-4.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..jaraco.functools-4.0.1.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..jaraco.functools-4.0.1.dist-info/METADATA,sha256=i4aUaQDX-jjdEQK5wevhegyx8JyLfin2HyvaSk3FHso,2891..jaraco.functools-4.0.1.dist-info/RECORD,,..jaraco.functools-4.0.1.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..jaraco.functools-4.0.1.dist-info/top_level.txt,sha256=0JnN3LfXH4LIRfXL-QFOGCJzQWZO3ELx4R1d_louoQM,7..jaraco/functools/__init__.py,sha256=hEAJaS2uSZRuF_JY4CxCHIYh79ZpxaPp9OiHyr9EJ1w,16642..jaraco/functools/__init__.pyi,sha256=gk3dsgHzo5F_U74HzAvpNivFAPCkPJ1b2-yCd62dfnw,3878..jaraco/functools/__pycache__/__init__.cpython-312.pyc,,..jaraco/functools/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):92
                                                                                                                                                                                          Entropy (8bit):4.812622295095324
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
                                                                                                                                                                                          MD5:43136DDE7DD276932F6197BB6D676EF4
                                                                                                                                                                                          SHA1:6B13C105452C519EA0B65AC1A975BD5E19C50122
                                                                                                                                                                                          SHA-256:189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
                                                                                                                                                                                          SHA-512:E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.functools-4.0.1.dist-info\top_level.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):7
                                                                                                                                                                                          Entropy (8bit):2.5216406363433186
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:GEG0:GEG0
                                                                                                                                                                                          MD5:0BA8D736B7B4AB182687318B0497E61E
                                                                                                                                                                                          SHA1:311BA5FFD098689179F299EF20768EE1A29F586D
                                                                                                                                                                                          SHA-256:D099CDDCB7D71F82C845F5CBF9014E18227341664EDC42F1E11D5DFE5A2EA103
                                                                                                                                                                                          SHA-512:7CCCBB4AFA2FADE40D529482301BEAE152E0C71EE3CC41736EB19E35CFC5EE3B91EF958CF5CA6B7330333B8494FEB6682FD833D5AA16BF4A8F1F721FD859832C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:jaraco.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.text-3.12.1.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.text-3.12.1.dist-info\LICENSE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1023
                                                                                                                                                                                          Entropy (8bit):5.059832621894572
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:OrmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:OaJ8YHvEH5QHOs5exm3oEFJ
                                                                                                                                                                                          MD5:141643E11C48898150DAA83802DBC65F
                                                                                                                                                                                          SHA1:0445ED0F69910EEAEE036F09A39A13C6E1F37E12
                                                                                                                                                                                          SHA-256:86DA0F01AEAE46348A3C3D465195DC1CECCDE79F79E87769A64B8DA04B2A4741
                                                                                                                                                                                          SHA-512:EF62311602B466397BAF0B23CACA66114F8838F9E78E1B067787CEB709D09E0530E85A47BBCD4C5A0905B74FDB30DF0CC640910C6CC2E67886E5B18794A3583F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.text-3.12.1.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):3658
                                                                                                                                                                                          Entropy (8bit):5.02710641474483
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:DYMaCFS802Vpnu388Ksc+fIybwFiR8g6RSwTsL:pFz02Vpnu388KB+gybwgRd6RSwTsL
                                                                                                                                                                                          MD5:70FE732EDE8F8E6C84DA4EA21D4933E5
                                                                                                                                                                                          SHA1:A7763789FA56CEBBAA849368FAAC7D386F170399
                                                                                                                                                                                          SHA-256:03359D9BA56231F0CE3E840C7CB5A7DB380141218949CCAA78DDBD4DCB965D52
                                                                                                                                                                                          SHA-512:4C8D3D5078840BD4DBE20458EBF52890585C5911C22C3EFCE2FB28985461BC80469339DDAF6016FB099C84BDF9B41A26FF1884B456422A8D0C682104D7950D91
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: jaraco.text.Version: 3.12.1.Summary: Module for text manipulation.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Homepage, https://github.com/jaraco/jaraco.text.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Requires-Dist: jaraco.functools.Requires-Dist: jaraco.context >=4.1.Requires-Dist: autocommand.Requires-Dist: inflect.Requires-Dist: more-itertools.Requires-Dist: importlib-resources ; python_version < "3.9".Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.text-3.12.1.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1500
                                                                                                                                                                                          Entropy (8bit):5.794249493238335
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:TkLFn/2zDVLFvbqfuaLFo2kXLFGnLFEsJiLFXamdLFlKbkZ6d3JpPXu/1XWXYXw2:TcnuXDzUuuCw5Jmfblyz3Jp2/NUsM0bN
                                                                                                                                                                                          MD5:39FCCE64BC768C2046067E4AAD8465F0
                                                                                                                                                                                          SHA1:2EFC0FC776576A8FE01BBACD0760A49EEE6481DA
                                                                                                                                                                                          SHA-256:816D945741DCA246099388CA3EED74FC0667ACBAA36F70B559B2494C3979B1F6
                                                                                                                                                                                          SHA-512:FB2335A6675F9CADEEE38B666FAB9EA1D8BFBA6B7768253D42F44149591A3239F4B2FA19DDF2C282DC7E47A01D7DCA69AADBBCDAC9107EDBCB2C22D11BA81287
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:jaraco.text-3.12.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..jaraco.text-3.12.1.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..jaraco.text-3.12.1.dist-info/METADATA,sha256=AzWdm6ViMfDOPoQMfLWn2zgBQSGJScyqeN29TcuWXVI,3658..jaraco.text-3.12.1.dist-info/RECORD,,..jaraco.text-3.12.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..jaraco.text-3.12.1.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..jaraco.text-3.12.1.dist-info/top_level.txt,sha256=0JnN3LfXH4LIRfXL-QFOGCJzQWZO3ELx4R1d_louoQM,7..jaraco/text/Lorem ipsum.txt,sha256=N_7c_79zxOufBY9HZ3yzMgOkNv-TkOTTio4BydrSjgs,1335..jaraco/text/__init__.py,sha256=Y2YUqXR_orUoDaY4SkPRe6ZZhb5HUHB_Ah9RCNsVyho,16250..jaraco/text/__pycache__/__init__.cpython-312.pyc,,..jaraco/text/__pycache__/layouts.cpython-312.pyc,,..jaraco/text/__pycache__/show-newlines.cpython-312.pyc,,..jaraco/text/__pycache__/strip-prefix.cpython-312.pyc,,..jaraco/text/__py

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.text-3.12.1.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):92
                                                                                                                                                                                          Entropy (8bit):4.812622295095324
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
                                                                                                                                                                                          MD5:43136DDE7DD276932F6197BB6D676EF4
                                                                                                                                                                                          SHA1:6B13C105452C519EA0B65AC1A975BD5E19C50122
                                                                                                                                                                                          SHA-256:189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
                                                                                                                                                                                          SHA-512:E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco.text-3.12.1.dist-info\top_level.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):7
                                                                                                                                                                                          Entropy (8bit):2.5216406363433186
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:GEG0:GEG0
                                                                                                                                                                                          MD5:0BA8D736B7B4AB182687318B0497E61E
                                                                                                                                                                                          SHA1:311BA5FFD098689179F299EF20768EE1A29F586D
                                                                                                                                                                                          SHA-256:D099CDDCB7D71F82C845F5CBF9014E18227341664EDC42F1E11D5DFE5A2EA103
                                                                                                                                                                                          SHA-512:7CCCBB4AFA2FADE40D529482301BEAE152E0C71EE3CC41736EB19E35CFC5EE3B91EF958CF5CA6B7330333B8494FEB6682FD833D5AA16BF4A8F1F721FD859832C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:jaraco.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\jaraco\text\Lorem ipsum.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text, with very long lines (888)
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1335
                                                                                                                                                                                          Entropy (8bit):4.226823573023539
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:FP6Hbz+g9RPZ14bJi04L6GEbX4UQF4UkZQhxI2EIhNyu:9E+i6bJmLm43+Uxxnh0u
                                                                                                                                                                                          MD5:4CE7501F6608F6CE4011D627979E1AE4
                                                                                                                                                                                          SHA1:78363672264D9CD3F72D5C1D3665E1657B1A5071
                                                                                                                                                                                          SHA-256:37FEDCFFBF73C4EB9F058F47677CB33203A436FF9390E4D38A8E01C9DAD28E0B
                                                                                                                                                                                          SHA-512:A4CDF92725E1D740758DA4DD28DF5D1131F70CEF46946B173FE6956CC0341F019D7C4FECC3C9605F354E1308858721DADA825B4C19F59C5AD1CE01AB84C46B24
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum..Curabitur pretium tincidunt lacus. Nulla gravida orci a odio. Nullam varius, turpis et commodo pharetra, est eros bibendum elit, nec luctus magna felis sollicitudin mauris. Integer in mauris eu nibh euismod gravida. Duis ac tellus et risus vulputate vehicula. Donec lobortis risus a elit. Etiam tempor. Ut ullamcorper, ligula eu tempor congue, eros est euismod turpis, id tincidunt sapien risus a quam. Maecenas fermentum consequat mi. Donec fermentum. Pellentesque malesuada nulla a mi. Duis sapien sem, aliquet nec, commodo eget, consequat quis, neque.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\more_itertools-10.3.0.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\more_itertools-10.3.0.dist-info\LICENSE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1053
                                                                                                                                                                                          Entropy (8bit):5.0945274555157285
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:arOJH7H0yxgtUHw1hC09QHOsUv4eOk4/+/m3oqLFh:aSJrlxEvdQHOs5exm3ogFh
                                                                                                                                                                                          MD5:3396EA30F9D21389D7857719816F83B5
                                                                                                                                                                                          SHA1:0D43A836DAC65C0EA426AD49C881A1086600BF85
                                                                                                                                                                                          SHA-256:09F1C8C9E941AF3E584D59641EA9B87D83C0CB0FD007EB5EF391A7E2643C1A46
                                                                                                                                                                                          SHA-512:D43092223392EDDA3BD777625F5BF54ACB0CC00C25555A4F8A16DB9CCDAFC380D3204486CB2A5FDC9D3F9E459B1FED948FFC7000AA0E40F37B807A01F4421294
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Copyright (c) 2012 Erik Rose..Permission is hereby granted, free of charge, to any person obtaining a copy of.this software and associated documentation files (the "Software"), to deal in.the Software without restriction, including without limitation the rights to.use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies.of the Software, and to permit persons to whom the Software is furnished to do.so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF OR IN CONNECTION WITH THE SO

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\more_itertools-10.3.0.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):36293
                                                                                                                                                                                          Entropy (8bit):3.717596190655759
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:bs9cnyPtWIRmL0QnCHx4Zi3XBB9GcF89oi+odVBqCv9d3m24TeYH5AvDpG27IFf5:Ua+H1Nsg/
                                                                                                                                                                                          MD5:5BA05B51B603386707E1E3A101CDD6B3
                                                                                                                                                                                          SHA1:FFCCEC7FD799CC4AB07530954FEF3BE2472E2C23
                                                                                                                                                                                          SHA-256:0453BDD0EF9F2CD89540CA63EE8212E73B73809514419DD3037D8FE471F737E0
                                                                                                                                                                                          SHA-512:FE7F7D6B6C8089B09A18930EF462BA4C7A15EAF6D3E8610AC655ECADE16CE31D9C01ECE84C88A3C2D9DD34DE70E194A020E28179CF33B21389EE3EEFC7229B74
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: more-itertools.Version: 10.3.0.Summary: More routines for operating on iterables, beyond itertools.Keywords: itertools,iterator,iteration,filter,peek,peekable,chunk,chunked.Author-email: Erik Rose <erikrose@grinchcentral.com>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Natural Language :: English.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :: Python :: Implementation :: Py

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\more_itertools-10.3.0.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1259
                                                                                                                                                                                          Entropy (8bit):5.794423512787632
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:Bhxn/2zDahxvIhxphxBhxEsJXhxzvXiCflBJRHXoggtqgmf7WJhmsxmwG:hnuXwOph5J3zvXi4Lo7qgQ7WJhS
                                                                                                                                                                                          MD5:178EE325409DD28809AD3661E8819EF8
                                                                                                                                                                                          SHA1:F5844FAC6E3C9133FE5F1B8195EE801959801DF3
                                                                                                                                                                                          SHA-256:77C8E73E018DC0FD7E9ED6C80B05A4404545F641FB085220CE42B368B59AA3D3
                                                                                                                                                                                          SHA-512:2DB06B622F644674BF7D7AD8B780F9802858D15D73B5075139C2D82181DD6D589B90172BCA7AE9C785E705F447F523DB2AE641826C550C599551A7D8C2396FC2
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:more_itertools-10.3.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..more_itertools-10.3.0.dist-info/LICENSE,sha256=CfHIyelBrz5YTVlkHqm4fYPAyw_QB-te85Gn4mQ8GkY,1053..more_itertools-10.3.0.dist-info/METADATA,sha256=BFO90O-fLNiVQMpj7oIS5ztzgJUUQZ3TA32P5HH3N-A,36293..more_itertools-10.3.0.dist-info/RECORD,,..more_itertools-10.3.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..more_itertools-10.3.0.dist-info/WHEEL,sha256=rSgq_JpHF9fHR1lx53qwg_1-2LypZE_qmcuXbVUq948,81..more_itertools/__init__.py,sha256=dtAbGjTDmn_ghiU5YXfhyDy0phAlXVdt5klZA5fUa-Q,149..more_itertools/__init__.pyi,sha256=5B3eTzON1BBuOLob1vCflyEb2lSd6usXQQ-Cv-hXkeA,43..more_itertools/__pycache__/__init__.cpython-312.pyc,,..more_itertools/__pycache__/more.cpython-312.pyc,,..more_itertools/__pycache__/recipes.cpython-312.pyc,,..more_itertools/more.py,sha256=1E5kzFncRKTDw0cYv1yRXMgDdunstLQd1QStcnL6U90,148370..more_itertools/more.pyi,sha256=iXXeqt48Nxe8VGmIWpkVXuKpR2FYNuu2DU8nQL

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\more_itertools-10.3.0.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):81
                                                                                                                                                                                          Entropy (8bit):4.672346887071811
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeX/QFML6KjP+tPCCfA5I:Rt1QqL6gWBB3
                                                                                                                                                                                          MD5:FE76A5D309B5416824C2034FBF8A16CD
                                                                                                                                                                                          SHA1:5975EB6043863B0D018A5D751293F38E0B8E2874
                                                                                                                                                                                          SHA-256:AD282AFC9A4717D7C7475971E77AB083FD7ED8BCA9644FEA99CB976D552AF78F
                                                                                                                                                                                          SHA-512:6E4610171DD4E7E49FB4570CF3562D26A4F171FF67DA0F3A259A77916ACB939C8FCA7DA9F473EFAD839947796AC8CD7385DAA3264ADB150FF131A5C0FAC9329C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: flit 3.8.0.Root-Is-Purelib: true.Tag: py3-none-any.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\packaging-24.1.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\packaging-24.1.dist-info\LICENSE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):197
                                                                                                                                                                                          Entropy (8bit):4.510719529760597
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:hWDncJhByZmJgXPForADu1QjygQuaAJygT2d5GeWreBNA2eBKmJozlMHuO:h9Co8FyQjkDYc5tWreBN0n2mH1
                                                                                                                                                                                          MD5:FAADAEDCA9251A90B205C9167578CE91
                                                                                                                                                                                          SHA1:ED1FCABA1DBBF55113ABB419A484F3DF63E7ECFC
                                                                                                                                                                                          SHA-256:CAD1EF5BD340D73E074BA614D26F7DEACA5C7940C3D8C34852E65C4909686C48
                                                                                                                                                                                          SHA-512:1E69C89558FFE39E5C1EBB6728C4F0EB6023563C7A7F31B5417A8EFCC906378D2E2AF7B0E06A66980FBAAB7996AEB2AE1EA3918FDBE5FFCC3F77EA888A68EFBC
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:This software is made available under the terms of *either* of the licenses.found in LICENSE.APACHE or LICENSE.BSD. Contributions to this software is made.under the terms of *both* these licenses..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\packaging-24.1.dist-info\LICENSE.APACHE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10174
                                                                                                                                                                                          Entropy (8bit):4.3908324771089084
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:nU6G5KXSD9VYUKhu1JVF9hFGvV/QiGkS594drFjuHYx5dvTrLhP:U9vlKM1zJlFvmNz5VrZ
                                                                                                                                                                                          MD5:2EE41112A44FE7014DCE33E26468BA93
                                                                                                                                                                                          SHA1:598F87F072F66E2269DD6919292B2934DBB20492
                                                                                                                                                                                          SHA-256:0D542E0C8804E39AA7F37EB00DA5A762149DC682D7829451287E11B938E94594
                                                                                                                                                                                          SHA-512:27B8C0252EAE50CA3CE02AB7C5670664C0C824E03EB3DA1089F3F0A00D23E648A956BCB9F53645C6D79674A87C4CC86D1085DC335911BE0210D691336B121857
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:. Apache License. Version 2.0, January 2004. http://www.apache.org/licenses/.. TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION.. 1. Definitions... "License" shall mean the terms and conditions for use, reproduction,. and distribution as defined by Sections 1 through 9 of this document... "Licensor" shall mean the copyright owner or entity authorized by. the copyright owner that is granting the License... "Legal Entity" shall mean the union of the acting entity and all. other entities that control, are controlled by, or are under common. control with that entity. For the purposes of this definition,. "control" means (i) the power, direct or indirect, to cause the. direction or management of such entity, whether by contract or. otherwise, or (ii) ownership of fifty percent (50%) or more of the. outstanding shares, or (iii) beneficial own

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\packaging-24.1.dist-info\LICENSE.BSD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1344
                                                                                                                                                                                          Entropy (8bit):5.070827944686827
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:fjUnoorbOFFTJJyRrYFTjz796432s4EOkUs8gROF32s3yTtTf413tf9fsZlTHv:fkOFJSrYJR6432svI32s3Stc13tfyTHv
                                                                                                                                                                                          MD5:7BEF9BF4A8E4263634D0597E7BA100B8
                                                                                                                                                                                          SHA1:FDC0E4EABC45522B079DEFF7D03D70528D775DC0
                                                                                                                                                                                          SHA-256:B70E7E9B742F1CC6F948B34C16AA39FFECE94196364BC88FF0D2180F0028FAC5
                                                                                                                                                                                          SHA-512:96C3273D51B83B6AE1AB85FEFB814DCD6C1E60D311D412242405AA429CC860412477CBD6ECE171408DBB85F0C4FD742E3AF20C758015BC48406AA65A1AB6F60A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Copyright (c) Donald Stufft and individual contributors..All rights reserved...Redistribution and use in source and binary forms, with or without.modification, are permitted provided that the following conditions are met:.. 1. Redistributions of source code must retain the above copyright notice,. this list of conditions and the following disclaimer... 2. Redistributions in binary form must reproduce the above copyright. notice, this list of conditions and the following disclaimer in the. documentation and/or other materials provided with the distribution...THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND.ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED.WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE.DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE.FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL.DAMAGES (INCLUDING, BUT NOT LIM

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\packaging-24.1.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):3204
                                                                                                                                                                                          Entropy (8bit):4.9859857663557925
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:DRKnOkaMktjaVMxsxCp5QXFfFKiYEvA9TzBnyD:psZfFhgXNG
                                                                                                                                                                                          MD5:3236C0D7091D4A6577FA30E061480CEC
                                                                                                                                                                                          SHA1:F99865B8D3B90AD64A0060F7F2F4C6E4FAEB0A39
                                                                                                                                                                                          SHA-256:5F7A283B75A709FCCD481AEA42379F083D4F3801753365922E6B0732042515D9
                                                                                                                                                                                          SHA-512:A9F0BC43A135732510B98E9C0B7F997D9557A6069352372F1AC3216F0E66FA617D9597990904935D58E5139FB34E17995BFA8B95B90C71997206A2B6955FE867
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: packaging.Version: 24.1.Summary: Core utilities for Python packages.Author-email: Donald Stufft <donald@stufft.io>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Apache Software License.Classifier: License :: OSI Approved :: BSD License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Classifier: Programming Language :: Python :: 3.13.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :: Python :: Implementation

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\packaging-24.1.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2565
                                                                                                                                                                                          Entropy (8bit):5.780503861671858
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:bsnuXksXW2Bsv8VsQ7lEsahOsbs5Jhsde8UogvtJkHpHAfEcysrD5WJeCzESowj:vXrW2s8JsMdVogvtJkJgfksP5qeCzOwj
                                                                                                                                                                                          MD5:88FBF3C6BD08040482212DAD5A8EAB02
                                                                                                                                                                                          SHA1:E7EE66942F7321FB77888D492D57C2EEEA1A5171
                                                                                                                                                                                          SHA-256:38A6898306293627C81E2B2D8A93E5F6857D5F7EDB73F0334E8D9A53DAD53B6E
                                                                                                                                                                                          SHA-512:786AE1F883A999A0939C22A756F90D74CC7F87AAF13F6FFF22D8D962D213A1ECBC6AAE2890A5D7347487824CD0E9EB440A3923F01F938EEF068719DFEEE96554
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:packaging-24.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..packaging-24.1.dist-info/LICENSE,sha256=ytHvW9NA1z4HS6YU0m996spceUDD2MNIUuZcSQlobEg,197..packaging-24.1.dist-info/LICENSE.APACHE,sha256=DVQuDIgE45qn836wDaWnYhSdxoLXgpRRKH4RuTjpRZQ,10174..packaging-24.1.dist-info/LICENSE.BSD,sha256=tw5-m3QvHMb5SLNMFqo5_-zpQZY2S8iP8NIYDwAo-sU,1344..packaging-24.1.dist-info/METADATA,sha256=X3ooO3WnCfzNSBrqQjefCD1POAF1M2WSLmsHMgQlFdk,3204..packaging-24.1.dist-info/RECORD,,..packaging-24.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..packaging-24.1.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..packaging/__init__.py,sha256=dtw2bNmWCQ9WnMoK3bk_elL1svSlikXtLpZhCFIB9SE,496..packaging/__pycache__/__init__.cpython-312.pyc,,..packaging/__pycache__/_elffile.cpython-312.pyc,,..packaging/__pycache__/_manylinux.cpython-312.pyc,,..packaging/__pycache__/_musllinux.cpython-312.pyc,,..packaging/__pycache__/_parser.cpython-312.pyc,,

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\packaging-24.1.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):81
                                                                                                                                                                                          Entropy (8bit):4.672346887071811
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
                                                                                                                                                                                          MD5:24019423EA7C0C2DF41C8272A3791E7B
                                                                                                                                                                                          SHA1:AAE9ECFB44813B68CA525BA7FA0D988615399C86
                                                                                                                                                                                          SHA-256:1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
                                                                                                                                                                                          SHA-512:09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\platformdirs-4.2.2.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\platformdirs-4.2.2.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:Unicode text, UTF-8 text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):11429
                                                                                                                                                                                          Entropy (8bit):5.039575520713946
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:n9x/tlCtlsaCUpVQ7yHwgNF8NFvWVDM1RnzadSibNTTh+fOnnxa6jlES4h8a8KAH:3/tlCfsqpq7ydZzM0dGiCbvHcjNj61TA
                                                                                                                                                                                          MD5:12306075DF09A0DBB93315FADDDF73FB
                                                                                                                                                                                          SHA1:1AC8A3679AFCFEEC0BA00851F5F8095DD1B060CD
                                                                                                                                                                                          SHA-256:CE6B227B4D46D4CB57474C2022FE57A557933BB89DAF4596BDF9B12AC296B869
                                                                                                                                                                                          SHA-512:BA0A72B888A14F82FD44FB103C01EF0900B5302F18E986A8264A9A08AB77D1C655C392374FD7B0A98BEF9B9511F6EC78AF3EF8936091C80A0B5364F7A53DC20A
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.3.Name: platformdirs.Version: 4.2.2.Summary: A small Python package for determining appropriate platform-specific dirs, e.g. a `user data dir`..Project-URL: Documentation, https://platformdirs.readthedocs.io.Project-URL: Homepage, https://github.com/platformdirs/platformdirs.Project-URL: Source, https://github.com/platformdirs/platformdirs.Project-URL: Tracker, https://github.com/platformdirs/platformdirs/issues.Maintainer-email: Bern.t G.bor <gaborjbernat@gmail.com>, Julian Berman <Julian@GrayVines.com>, Ofek Lev <oss@ofek.dev>, Ronny Pfannschmidt <opensource@ronnypfannschmidt.de>.License-Expression: MIT.License-File: LICENSE.Keywords: appdirs,application,cache,directory,log,user.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Operating System :: OS Independent.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\platformdirs-4.2.2.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1642
                                                                                                                                                                                          Entropy (8bit):5.780720255872038
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:bn/2zDzoobEsJhfPWcs013+pj456szN6lnhta57WJ+guQg4:bnuXcob5Jhfucs+d49hta9WJ+g1X
                                                                                                                                                                                          MD5:0E141A28570FC62974FC5CEADFE808E3
                                                                                                                                                                                          SHA1:7B92561C5BBBA83D6E16A1C7B195089ACA1766AF
                                                                                                                                                                                          SHA-256:4C211D76D42ED40EFC3ACFCC866D8912A718AFBCA2B7E51849442366D6E99FE8
                                                                                                                                                                                          SHA-512:830721C18A35AECD1EFB81A5FAAF8AC0EA02428EDC5B294458556343788D894B76035F1E661214D975DF2A64DC8C3D6AAA7A53A99BE64B9413B6A5D89D549F9D
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:platformdirs-4.2.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..platformdirs-4.2.2.dist-info/METADATA,sha256=zmsie01G1MtXR0wgIv5XpVeTO7idr0WWvfmxKsKWuGk,11429..platformdirs-4.2.2.dist-info/RECORD,,..platformdirs-4.2.2.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..platformdirs-4.2.2.dist-info/WHEEL,sha256=zEMcRr9Kr03x1ozGwg5v9NQBKn3kndp6LSoSlVg-jhU,87..platformdirs-4.2.2.dist-info/licenses/LICENSE,sha256=KeD9YukphQ6G6yjD_czwzv30-pSHkBHP-z0NS-1tTbY,1089..platformdirs/__init__.py,sha256=EMGE8qeHRR9CzDFr8kL3tA8hdZZniYjXBVZd0UGTWK0,22225..platformdirs/__main__.py,sha256=HnsUQHpiBaiTxwcmwVw-nFaPdVNZtQIdi1eWDtI-MzI,1493..platformdirs/__pycache__/__init__.cpython-312.pyc,,..platformdirs/__pycache__/__main__.cpython-312.pyc,,..platformdirs/__pycache__/android.cpython-312.pyc,,..platformdirs/__pycache__/api.cpython-312.pyc,,..platformdirs/__pycache__/macos.cpython-312.pyc,,..platformdirs/__pycache__/unix.cpython-312.pyc,,..platformdirs/__p

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\platformdirs-4.2.2.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):87
                                                                                                                                                                                          Entropy (8bit):4.730668933656452
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeXAaCTR73RP+tPCCfA5I:Rt2PFRWBB3
                                                                                                                                                                                          MD5:8895639B8515B3094302B59E28AFB562
                                                                                                                                                                                          SHA1:FBD4DA759EA5BEB65AE820DFBC47F9B569E89519
                                                                                                                                                                                          SHA-256:CC431C46BF4AAF4DF1D68CC6C20E6FF4D4012A7DE49DDA7A2D2A1295583E8E15
                                                                                                                                                                                          SHA-512:B53C0978DAD2A7195058ABC7B7D20A229EC617BDDBB364D8ED2354F37D5071208735774350F9FBBA5C804BEFCEFE71C27BC5E468E12899DF4687189C468785A0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: hatchling 1.24.2.Root-Is-Purelib: true.Tag: py3-none-any.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\platformdirs-4.2.2.dist-info\licenses\LICENSE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1089
                                                                                                                                                                                          Entropy (8bit):5.119723466133474
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:VrmJHHH0yN3gtsHw1hC09QHOsUv4eOk4/+/m3oqLFh:VaJHlxE3dQHOs5exm3ogFh
                                                                                                                                                                                          MD5:EA4F5A41454746A9ED111E3D8723D17A
                                                                                                                                                                                          SHA1:F511A8A63AF8C6E36004B593478436BBC560EE0C
                                                                                                                                                                                          SHA-256:29E0FD62E929850E86EB28C3FDCCF0CEFDF4FA94879011CFFB3D0D4BED6D4DB6
                                                                                                                                                                                          SHA-512:CACA68A5589CA2EAB7C0D74BA5D2B25E3367B9902DFC7578BBA911AC8F8BF1C3A13F25E663C5B6B19BA71BF611943E23F4D0A99BE92A8F7D7FF60732DC3DD409
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MIT License..Copyright (c) 2010-202x The platformdirs developers..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\tomli-2.0.1.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\tomli-2.0.1.dist-info\LICENSE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1072
                                                                                                                                                                                          Entropy (8bit):5.10135495500641
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:f9rmJHHH0yN3gtsHw1hC09QHOsUv4eOk4/+/m3oqLFh:1aJHlxE3dQHOs5exm3ogFh
                                                                                                                                                                                          MD5:AAAAF0879D17DF0110D1AA8C8C9F46F5
                                                                                                                                                                                          SHA1:9DA6CA26337A886FB3E8D30EFD4AEDA623DC9ADE
                                                                                                                                                                                          SHA-256:B80816B0D530B8ACCB4C2211783790984A6E3B61922C2B5EE92F3372AB2742FE
                                                                                                                                                                                          SHA-512:EECD0C29FEBF51ADEFB02F970E66EFE7E24D573686DFDB3BEEA63CEFEA012A79CE3C49A899B4F26E9B67DC27176B397F6041909227281F9866BEEDC97389095C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MIT License..Copyright (c) 2021 Taneli Hukkinen..Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to deal.in the Software without restriction, including without limitation the rights.to use, copy, modify, merge, publish, distribute, sublicense, and/or sell.copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all.copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,.OUT OF OR IN CON

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\tomli-2.0.1.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:Python script, ASCII text executable
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):8875
                                                                                                                                                                                          Entropy (8bit):4.884349533695185
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:192:h15VsahrDzoGlmLxUJyLIPXR/yrKK3Trclclg2pj4VRR6V8wNVonQd:3swrAamWuIPA2K3v2g
                                                                                                                                                                                          MD5:CBBF7047A51FEDA58386E86182B85B8A
                                                                                                                                                                                          SHA1:D3EA3BDA227794AE35FE7FFC5BD6E5FA2A5EF250
                                                                                                                                                                                          SHA-256:CCF0DC78A98FC0918B5AD67292B1E2C4BED65575A6246CD9D63C914F9942A0F2
                                                                                                                                                                                          SHA-512:A994914F1676790730C6BDACA26FE5F1B18BA9A3B9F0D24D708C722424DED255360A0CC88E239C6BFE467BD2763DF7339BB6B760AB090FAE474A7C9C8AFA8948
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: tomli.Version: 2.0.1.Summary: A lil' TOML parser.Keywords: toml.Author-email: Taneli Hukkinen <hukkin@users.noreply.github.com>.Requires-Python: >=3.7.Description-Content-Type: text/markdown.Classifier: License :: OSI Approved :: MIT License.Classifier: Operating System :: MacOS.Classifier: Operating System :: Microsoft :: Windows.Classifier: Operating System :: POSIX :: Linux.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.7.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: Implementation :: CPython.Classifier: Programming Language :: Python :: Implementation :: PyPy.Classifier: Topic :: Software Development :: Libraries :: Python Modules.Classifier: Typing :: Typed.Project-URL: Changelog, https://github.com/hukkin/tomli/blob/master/CHANGELOG.md.Project-URL:

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\tomli-2.0.1.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):999
                                                                                                                                                                                          Entropy (8bit):5.89030761653127
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:4n/2zDRv53Pb4EsJWc6QtD8r8N8bh8WNdop2+oM8+kzAL5+1:4nuXR1Pb45JWc6QmIebKWcpHoM8JMLy
                                                                                                                                                                                          MD5:D5FAB61E3DB6B54B51FBA607865C195B
                                                                                                                                                                                          SHA1:B94D9126E8FC9D5F29FAFBB67F068E2D111D17FC
                                                                                                                                                                                          SHA-256:0CB9F9A451A1E365AC54B4C88662E1DA0CB54A72D16A5258FB0ABFF9D3E1C022
                                                                                                                                                                                          SHA-512:ABD3EF61D8D578C1DE609560A6985503E60BD53F90DCFF54EBEE23714D9CD88DBA4036ED19B24EC62B8432550311894FCC47BDCCD7CE4DCDE82518F4E02E123C
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:tomli-2.0.1.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..tomli-2.0.1.dist-info/LICENSE,sha256=uAgWsNUwuKzLTCIReDeQmEpuO2GSLCte6S8zcqsnQv4,1072..tomli-2.0.1.dist-info/METADATA,sha256=zPDceKmPwJGLWtZykrHixL7WVXWmJGzZ1jyRT5lCoPI,8875..tomli-2.0.1.dist-info/RECORD,,..tomli-2.0.1.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..tomli-2.0.1.dist-info/WHEEL,sha256=jPMR_Dzkc4X4icQtmz81lnNY_kAsfog7ry7qoRvYLXw,81..tomli/__init__.py,sha256=JhUwV66DB1g4Hvt1UQCVMdfCu-IgAV8FXmvDU9onxd4,396..tomli/__pycache__/__init__.cpython-312.pyc,,..tomli/__pycache__/_parser.cpython-312.pyc,,..tomli/__pycache__/_re.cpython-312.pyc,,..tomli/__pycache__/_types.cpython-312.pyc,,..tomli/_parser.py,sha256=g9-ENaALS-B8dokYpCuzUFalWlog7T-SIYMjLZSWrtM,22633..tomli/_re.py,sha256=dbjg5ChZT23Ka9z9DHOXfdtSpPwUfdgMXnj8NOoly-w,2943..tomli/_types.py,sha256=-GTG2VUqkpxwMqzmVO4F7ybKddIbAnuAHXfmWQcTi3Q,254..tomli/py.typed,sha256=8PjyZ1aVoQpRVvt71muvuq5qE-jTFZkK-GLHkhdebmc,26..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\tomli-2.0.1.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):81
                                                                                                                                                                                          Entropy (8bit):4.672346887071811
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeX/QFMthP+tPCCfA5I:Rt1QqDWBB3
                                                                                                                                                                                          MD5:FF39892A240316BD62B5832C03D504BC
                                                                                                                                                                                          SHA1:3883FC4406CC9A73BE0B839C1A0C31D3DDD64829
                                                                                                                                                                                          SHA-256:8CF311FC3CE47385F889C42D9B3F35967358FE402C7E883BAF2EEAA11BD82D7C
                                                                                                                                                                                          SHA-512:B2E57D9C81BBFB7364B8216FC086B8F73C2F2B537E300FB250EFB7972E3908F77A3D504363676C50A195D307822C69EE9B689DE6C48A4E6B8A6BA89A5A99AC32
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: flit 3.6.0.Root-Is-Purelib: true.Tag: py3-none-any.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typeguard-4.3.0.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typeguard-4.3.0.dist-info\LICENSE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:Unicode text, UTF-8 text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1130
                                                                                                                                                                                          Entropy (8bit):5.118590213496374
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:qt4rWHvH0yPP3Gt6Hw1hP9QHmsUv48OV/+dho3BoqxFB:/S/lPvKhlQHms5QK3WmFB
                                                                                                                                                                                          MD5:F0E423EEA5C91E7AA21BDB70184B3E53
                                                                                                                                                                                          SHA1:A51CCDCB7A9D8C2116D1DFC16F11B3C8A5830F67
                                                                                                                                                                                          SHA-256:6163F7987DFB38D6BC320CE2B70B2F02B862BC41126516D552EF1CD43247E758
                                                                                                                                                                                          SHA-512:8BE742880E6E8495C7EC4C9ECC8F076A9FC9D64FC84B3AEBBC8D2D10DC62AC2C5053F33B716212DCB76C886A9C51619F262C460FC4B39A335CE1AE2C9A8769A8
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:This is the MIT license: http://www.opensource.org/licenses/mit-license.php..Copyright (c) Alex Gr.nholm..Permission is hereby granted, free of charge, to any person obtaining a copy of this.software and associated documentation files (the "Software"), to deal in the Software.without restriction, including without limitation the rights to use, copy, modify, merge,.publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons.to whom the Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all copies or.substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,.INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR.PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE.FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF C

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typeguard-4.3.0.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:Unicode text, UTF-8 text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):3717
                                                                                                                                                                                          Entropy (8bit):4.986068381037722
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:DSQRbraktjaAckH94jQnJIK04Fak/grjspC3EklAJj:/Rakd4jA7ak/gvspNWmj
                                                                                                                                                                                          MD5:B6DAAC02F66AC8403E9061881322BABE
                                                                                                                                                                                          SHA1:9A94672CCFEA06156A5F8A321CD0626CFD233AE8
                                                                                                                                                                                          SHA-256:CF675C1C0A744F08580855390DE87CC77D676B312582E8D4CFDB5BB8FD298D21
                                                                                                                                                                                          SHA-512:9C6B7326C90396AA9E962C2731A1085EDB672B5696F95F552D13350843C09A246E0BBF0EC484862DFF434FA5A86DE4C0B7C963958ADE35A066B9D2384076DD47
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: typeguard.Version: 4.3.0.Summary: Run-time type checker for Python.Author-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.License: MIT.Project-URL: Documentation, https://typeguard.readthedocs.io/en/latest/.Project-URL: Change log, https://typeguard.readthedocs.io/en/latest/versionhistory.html.Project-URL: Source code, https://github.com/agronholm/typeguard.Project-URL: Issue tracker, https://github.com/agronholm/typeguard/issues.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Python: >=3.8.Description-Content

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typeguard-4.3.0.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2402
                                                                                                                                                                                          Entropy (8bit):5.729208478282605
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:eDnuX3DVED9HDDeDfPDLkAosGDlDiVoBFj7XH0H3HuwVB6Kgfkx7J/Q1NK1cQyxk:eyX3WRHDiLPjksV7I47J/Q1U6Qyx5fsJ
                                                                                                                                                                                          MD5:D680B2881597974ACD91750E5AB61010
                                                                                                                                                                                          SHA1:E00ED2416B5CE21641E3946905504D62D536972F
                                                                                                                                                                                          SHA-256:48A51959582478352275428CEECD78EF77D79AC9DAE796E39A2EAF2540282552
                                                                                                                                                                                          SHA-512:112172ACB515B0712AC58D78898EB159580ADA3DD3F16AABB37CB7A8D964F9E4BADF2869A245927B83B208D56904831C0F04ED925C95DFCB705801734FB0C7BA
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:typeguard-4.3.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..typeguard-4.3.0.dist-info/LICENSE,sha256=YWP3mH37ONa8MgzitwsvArhivEESZRbVUu8c1DJH51g,1130..typeguard-4.3.0.dist-info/METADATA,sha256=z2dcHAp0TwhYCFU5Deh8x31nazElgujUz9tbuP0pjSE,3717..typeguard-4.3.0.dist-info/RECORD,,..typeguard-4.3.0.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..typeguard-4.3.0.dist-info/entry_points.txt,sha256=qp7NQ1aLtiSgMQqo6gWlfGpy0IIXzoMJmeQTLpzqFZQ,48..typeguard-4.3.0.dist-info/top_level.txt,sha256=4z28AhuDodwRS_c1J_l8H51t5QuwfTseskYzlxp6grs,10..typeguard/__init__.py,sha256=Onh4w38elPCjtlcU3JY9k3h70NjsxXIkAflmQn-Z0FY,2071..typeguard/__pycache__/__init__.cpython-312.pyc,,..typeguard/__pycache__/_checkers.cpython-312.pyc,,..typeguard/__pycache__/_config.cpython-312.pyc,,..typeguard/__pycache__/_decorators.cpython-312.pyc,,..typeguard/__pycache__/_exceptions.cpython-312.pyc,,..typeguard/__pycache__/_functions.cpython-312.pyc,,..typeguard/__pycache__/_i

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typeguard-4.3.0.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):92
                                                                                                                                                                                          Entropy (8bit):4.812622295095324
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
                                                                                                                                                                                          MD5:43136DDE7DD276932F6197BB6D676EF4
                                                                                                                                                                                          SHA1:6B13C105452C519EA0B65AC1A975BD5E19C50122
                                                                                                                                                                                          SHA-256:189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
                                                                                                                                                                                          SHA-512:E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typeguard-4.3.0.dist-info\entry_points.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):48
                                                                                                                                                                                          Entropy (8bit):4.155187698990101
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:mWSJCQEjMitjHfLvn:mrMJHfbn
                                                                                                                                                                                          MD5:AEAB5BCF8BF89A51C97C4CDF70578848
                                                                                                                                                                                          SHA1:2E9C1617560AB66431AAB90700DB901985293485
                                                                                                                                                                                          SHA-256:AA9ECD43568BB624A0310AA8EA05A57C6A72D08217CE830999E4132E9CEA1594
                                                                                                                                                                                          SHA-512:2BE73E99296DF26A28835F91DD8BC50EB104AF06A3C54666175FAF322E0AD4620453DB0388531C4113B052A92C1D2E4C3088E25AF43CDE42AA852CF7B0CB5B05
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:[pytest11].typeguard = typeguard._pytest_plugin.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typeguard-4.3.0.dist-info\top_level.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10
                                                                                                                                                                                          Entropy (8bit):3.321928094887362
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:LEJn:M
                                                                                                                                                                                          MD5:004A2A8CE1AB120A63902A27D76BD964
                                                                                                                                                                                          SHA1:A4E367AB40410598DADD1FC5F680ED7A176BEB09
                                                                                                                                                                                          SHA-256:E33DBC021B83A1DC114BF73527F97C1F9D6DE50BB07D3B1EB24633971A7A82BB
                                                                                                                                                                                          SHA-512:0D8FF9A43897AB390AB41AFE5BAC8BD38A68C2BEF88E844E5B49BF70E3164B226975CC2717AE3DC3428D1CFBB0BE068C243F104915FEE1FFA58C23FBE76FDB89
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:typeguard.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typing_extensions-4.12.2.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typing_extensions-4.12.2.dist-info\LICENSE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):13936
                                                                                                                                                                                          Entropy (8bit):5.135214154002924
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:384:cke8RQ6KSAdxC9ad9iqsibQtKti9zpQpzu9Jkh:K8RQ6q7C9ad9iqT8cti9zpQpzu7kh
                                                                                                                                                                                          MD5:FCF6B249C2641540219A727F35D8D2C2
                                                                                                                                                                                          SHA1:C6E195F9AA30CC9B675D1612CA4FB7F74111BD35
                                                                                                                                                                                          SHA-256:3B2F81FE21D181C499C59A256C8E1968455D6689D269AA85373BFB6AF41DA3BF
                                                                                                                                                                                          SHA-512:70367B908204B5922E5D9D2ACE39437DBAA1EEFDAD1797B50CC6E7DCA168D9B59199353BADDDCAEEE12B49D328FC8132F628952383CFE6803CB4F4BF9B9D6D86
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:A. HISTORY OF THE SOFTWARE.==========================..Python was created in the early 1990s by Guido van Rossum at Stichting.Mathematisch Centrum (CWI, see https://www.cwi.nl) in the Netherlands.as a successor of a language called ABC. Guido remains Python's.principal author, although it includes many contributions from others...In 1995, Guido continued his work on Python at the Corporation for.National Research Initiatives (CNRI, see https://www.cnri.reston.va.us).in Reston, Virginia where he released several versions of the.software...In May 2000, Guido and the Python core development team moved to.BeOpen.com to form the BeOpen PythonLabs team. In October of the same.year, the PythonLabs team moved to Digital Creations, which became.Zope Corporation. In 2001, the Python Software Foundation (PSF, see.https://www.python.org/psf/) was formed, a non-profit organization.created specifically to own Python-related Intellectual Property..Zope Corporation was a sponsoring member of the PS

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typing_extensions-4.12.2.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:Unicode text, UTF-8 text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):3018
                                                                                                                                                                                          Entropy (8bit):5.0579916471633
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:DtkCMU2ymXbFX1QI/aMktjaVQEBu+FOK+W6i+qXd0qme28mIp9DvvV+Vz+nlh:DtkCD/mxX1QI/aMktjaVBroBBqd0VODD
                                                                                                                                                                                          MD5:8303191AC93E4D32457A4A9E3CDAD8E5
                                                                                                                                                                                          SHA1:B6ADA54B9516D20B69A5DD5CDED868DA22C5E252
                                                                                                                                                                                          SHA-256:05E51021AF1C9D86EB8D6C7E37C4CECE733D5065B91A6D8389C5690ED440F16D
                                                                                                                                                                                          SHA-512:F2F5DBE5EA55ED720FA4191180076E9EFFCB9C811C3C7BF1A1201E9D78590B381E125EAF7B8366B28A03383C2958449423548576605E8DCB5CC11C33C9B0E709
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: typing_extensions.Version: 4.12.2.Summary: Backported and Experimental Type Hints for Python 3.8+.Keywords: annotations,backport,checker,checking,function,hinting,hints,type,typechecking,typehinting,typehints,typing.Author-email: "Guido van Rossum, Jukka Lehtosalo, .ukasz Langa, Michael Lee" <levkivskyi@gmail.com>.Requires-Python: >=3.8.Description-Content-Type: text/markdown.Classifier: Development Status :: 5 - Production/Stable.Classifier: Environment :: Console.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: Python Software Foundation License.Classifier: Operating System :: OS Independent.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Langua

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typing_extensions-4.12.2.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):571
                                                                                                                                                                                          Entropy (8bit):5.751670348693122
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:12:rCA89x0a/2zDuxv/vjWaxLbSaLjxjxXaefIE12BATqyo/C:mA87n/2zD6vXCulVZf5Cc4C
                                                                                                                                                                                          MD5:B884E8832BFB336C2D7F54271F11EE1C
                                                                                                                                                                                          SHA1:5A3BAABEE79E0CF32D2E87C9AF0FBB3AAD8CACAD
                                                                                                                                                                                          SHA-256:7710002D81971E632AA6A2FC33DC5D74AAF5D7CAAE22040A65D3E31503B05EE9
                                                                                                                                                                                          SHA-512:0A5EB3ABED212C474CB5FDDEF47F8E62DAA130128F2BB368A8E1F12E143DAE2F8B2EF4A9B85A883A03C67195829AD637DB7CF7CC4B41535AF6CA5668F8F2BD0B
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:__pycache__/typing_extensions.cpython-312.pyc,,..typing_extensions-4.12.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..typing_extensions-4.12.2.dist-info/LICENSE,sha256=Oy-B_iHRgcSZxZolbI4ZaEVdZonSaaqFNzv7avQdo78,13936..typing_extensions-4.12.2.dist-info/METADATA,sha256=BeUQIa8cnYbrjWx-N8TOznM9UGW5Gm2DicVpDtRA8W0,3018..typing_extensions-4.12.2.dist-info/RECORD,,..typing_extensions-4.12.2.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..typing_extensions.py,sha256=gwekpyG9DVG3lxWKX4ni8u7nk3We5slG98mA9F3DJQw,134451..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\typing_extensions-4.12.2.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):81
                                                                                                                                                                                          Entropy (8bit):4.672346887071811
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
                                                                                                                                                                                          MD5:24019423EA7C0C2DF41C8272A3791E7B
                                                                                                                                                                                          SHA1:AAE9ECFB44813B68CA525BA7FA0D988615399C86
                                                                                                                                                                                          SHA-256:1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
                                                                                                                                                                                          SHA-512:09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\wheel-0.43.0.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\wheel-0.43.0.dist-info\LICENSE.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1107
                                                                                                                                                                                          Entropy (8bit):5.115074330424529
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:PWmrRONJHLH0cPP3gtkHw1h39QHOsUv4eOk4/+jvho3nPz:ttONJbbvE/NQHOs5eNS3n7
                                                                                                                                                                                          MD5:7FFB0DB04527CFE380E4F2726BD05EBF
                                                                                                                                                                                          SHA1:5B39C45A91A556E5F1599604F1799E4027FA0E60
                                                                                                                                                                                          SHA-256:30C23618679108F3E8EA1D2A658C7CA417BDFC891C98EF1A89FA4FF0C9828654
                                                                                                                                                                                          SHA-512:205F284F3A7E8E696C70ED7B856EE98C1671C68893F0952EEC40915A383BC452B99899BDC401F9FE161A1BF9B6E2CEA3BCD90615EEE9173301657A2CE4BAFE14
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MIT License..Copyright (c) 2012 Daniel Holth <dholth@fastmail.fm> and contributors..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERW

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\wheel-0.43.0.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:Unicode text, UTF-8 text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2153
                                                                                                                                                                                          Entropy (8bit):5.088249746074878
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:DEhpFu5MktjaywDK48d+md+7uT8RfkD1UKd+mOl1Awry:DEhpiMktjayq/7kOfsUzmbYy
                                                                                                                                                                                          MD5:EBEA27DA14E3F453119DC72D84343E8C
                                                                                                                                                                                          SHA1:7CEB6DBE498B69ABF4087637C6F500742FF7E2B4
                                                                                                                                                                                          SHA-256:59BAC22B00A59D3E5608A56B8CF8EFC43831A36B72792EE4389C9CD4669C7841
                                                                                                                                                                                          SHA-512:A41593939B9325D40CB67FD3F41CD1C9E9978F162487FB469094C41440B5F48016B9A66BE2E6E4A0406D6EEDB25CE4F5A860BA1E3DC924B81F63CEEE3AE31117
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: wheel.Version: 0.43.0.Summary: A built-package format for Python.Keywords: wheel,packaging.Author-email: Daniel Holth <dholth@fastmail.fm>.Maintainer-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Dist: pytest >= 6.0.0 ; extra == "test".Requires-Dist: setuptools >= 65 ; extra == "test".Project-URL: Changelog, https://wheel.readthedocs.io/en/s

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\wheel-0.43.0.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4557
                                                                                                                                                                                          Entropy (8bit):5.714200636114494
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:QXVuEmegx01TQIvFCiq9H/H7vp88FxTXiJPkGJP4CWweXQHmnDpMI78IegK5EeZR:QXVxAbYkU4CWweXQHmnDpMeV2BvTRqQF
                                                                                                                                                                                          MD5:44D352C4997560C7BFB82D9360F5985A
                                                                                                                                                                                          SHA1:BE58C7B8AB32790384E4E4F20865C4A88414B67A
                                                                                                                                                                                          SHA-256:783E654742611AF88CD9F00BF01A431A219DB536556E63FF981C7BD673070AC9
                                                                                                                                                                                          SHA-512:281B1D939A560E6A08D0606E5E8CE15F086B4B45738AB41ED6B5821968DC8D764CD6B25DB6BA562A07018C271ABF17A6BC5A380FAD05696ADF1D11EE2C5749C8
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:../../bin/wheel,sha256=cT2EHbrv-J-UyUXu26cDY-0I7RgcruysJeHFanT1Xfo,249..wheel-0.43.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..wheel-0.43.0.dist-info/LICENSE.txt,sha256=MMI2GGeRCPPo6h0qZYx8pBe9_IkcmO8aifpP8MmChlQ,1107..wheel-0.43.0.dist-info/METADATA,sha256=WbrCKwClnT5WCKVrjPjvxDgxo2tyeS7kOJyc1GaceEE,2153..wheel-0.43.0.dist-info/RECORD,,..wheel-0.43.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..wheel-0.43.0.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..wheel-0.43.0.dist-info/entry_points.txt,sha256=rTY1BbkPHhkGMm4Q3F0pIzJBzW2kMxoG1oriffvGdA0,104..wheel/__init__.py,sha256=D6jhH00eMzbgrXGAeOwVfD5i-lCAMMycuG1L0useDlo,59..wheel/__main__.py,sha256=NkMUnuTCGcOkgY0IBLgBCVC_BGGcWORx2K8jYGS12UE,455..wheel/__pycache__/__init__.cpython-312.pyc,,..wheel/__pycache__/__main__.cpython-312.pyc,,..wheel/__pycache__/_setuptools_logging.cpython-312.pyc,,..wheel/__pycache__/bdist_wheel.cpython-312.pyc,,..wheel/__pycache

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\wheel-0.43.0.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):81
                                                                                                                                                                                          Entropy (8bit):4.672346887071811
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
                                                                                                                                                                                          MD5:24019423EA7C0C2DF41C8272A3791E7B
                                                                                                                                                                                          SHA1:AAE9ECFB44813B68CA525BA7FA0D988615399C86
                                                                                                                                                                                          SHA-256:1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
                                                                                                                                                                                          SHA-512:09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\wheel-0.43.0.dist-info\entry_points.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):104
                                                                                                                                                                                          Entropy (8bit):4.271713330022269
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:1SSAnAYgh+MWTMhk6WjrAM5t5ln:1Jb9WTMhk9jUM5t5ln
                                                                                                                                                                                          MD5:6180E17C30BAE5B30DB371793FCE0085
                                                                                                                                                                                          SHA1:E3A12C421562A77D90A13D8539A3A0F4D3228359
                                                                                                                                                                                          SHA-256:AD363505B90F1E1906326E10DC5D29233241CD6DA4331A06D68AE27DFBC6740D
                                                                                                                                                                                          SHA-512:69EAE7B1E181D7BA1D3E2864D31E1320625A375E76D3B2FBF8856B3B6515936ACE3138D4D442CABDE7576FCFBCBB0DEED054D90B95CFA1C99829DB12A9031E26
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:[console_scripts].wheel=wheel.cli:main..[distutils.commands].bdist_wheel=wheel.bdist_wheel:bdist_wheel..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\zipp-3.19.2.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\zipp-3.19.2.dist-info\LICENSE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1023
                                                                                                                                                                                          Entropy (8bit):5.059832621894572
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:OrmJHcwH0MP3gt8Hw1hj9QHOsUv4eOk4/+/m3oqMSFJ:OaJ8YHvEH5QHOs5exm3oEFJ
                                                                                                                                                                                          MD5:141643E11C48898150DAA83802DBC65F
                                                                                                                                                                                          SHA1:0445ED0F69910EEAEE036F09A39A13C6E1F37E12
                                                                                                                                                                                          SHA-256:86DA0F01AEAE46348A3C3D465195DC1CECCDE79F79E87769A64B8DA04B2A4741
                                                                                                                                                                                          SHA-512:EF62311602B466397BAF0B23CACA66114F8838F9E78E1B067787CEB709D09E0530E85A47BBCD4C5A0905B74FDB30DF0CC640910C6CC2E67886E5B18794A3583F
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Permission is hereby granted, free of charge, to any person obtaining a copy.of this software and associated documentation files (the "Software"), to.deal in the Software without restriction, including without limitation the.rights to use, copy, modify, merge, publish, distribute, sublicense, and/or.sell copies of the Software, and to permit persons to whom the Software is.furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in.all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE.AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER.LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING.FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEA

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\zipp-3.19.2.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):3575
                                                                                                                                                                                          Entropy (8bit):5.085545958857746
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:D0h4aC/S802Vpnu3pyt1Q+/+DeVb0ksYSwTgD:Oc/z02Vpnu3pytS+2DeVNfSwTW
                                                                                                                                                                                          MD5:F659E7F578CE6FD3753871DBBBA1F939
                                                                                                                                                                                          SHA1:C53B0E6A2E3D94093E2FE4978926A7439B47D43C
                                                                                                                                                                                          SHA-256:508AE4FE43081C64B0B0A2828588B3A8CC3430C6693D1676662569400B0DFDB1
                                                                                                                                                                                          SHA-512:2C0496B76D259259A8F1E57F3ED2224A7E3E99FF309F764C00A8377BB5BD1C94035BDDF24BD1BA637209677CB9F4E8109F84C50B3488B5B8FC372B6BEDAB9AE0
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: zipp.Version: 3.19.2.Summary: Backport of pathlib-compatible object wrapper for zip files.Author-email: "Jason R. Coombs" <jaraco@jaraco.com>.Project-URL: Homepage, https://github.com/jaraco/zipp.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3 :: Only.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.License-File: LICENSE.Provides-Extra: doc.Requires-Dist: sphinx >=3.5 ; extra == 'doc'.Requires-Dist: jaraco.packaging >=9.3 ; extra == 'doc'.Requires-Dist: rst.linker >=1.9 ; extra == 'doc'.Requires-Dist: furo ; extra == 'doc'.Requires-Dist: sphinx-lint ; extra == 'doc'.Requires-Dist: jaraco.tidelift >=1.4 ; extra == 'doc'.Provides-Extra: test.Requires-Dist: pytest !=8.1.*,>=6 ; extra == 'test'.Requires-Dist: pytest-checkdocs >=2.4 ; extra == 'test'.Requir

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\zipp-3.19.2.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1039
                                                                                                                                                                                          Entropy (8bit):5.8094923667268965
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:An/2zDlvbqfuiwbWk/EsJ6Xam9lpW8OWq3tW36nJA3u3iWwksYW:AnuXlzUuitk/5J6f9lpW8OW4tM6nJSkE
                                                                                                                                                                                          MD5:1E77310EF3277C93430D969FEAC8FDFC
                                                                                                                                                                                          SHA1:173240337F249E2A6D54206AA0D0ACB0FDED12D7
                                                                                                                                                                                          SHA-256:F316F2E03FD9ADE7EBBC0B154706848E2BB8FD568B90935109F0D8E3CE2B9BFE
                                                                                                                                                                                          SHA-512:68F752DAF2DBEB79644337E4DB9B8CEAEAE3606A865EDC32BE16785DC97BDCF38EF200F0EDC86DC9D71ABA72E108D2851A510F0EB598FFEA286503F0C9772E5E
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:zipp-3.19.2.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..zipp-3.19.2.dist-info/LICENSE,sha256=htoPAa6uRjSKPD1GUZXcHOzN55956HdppkuNoEsqR0E,1023..zipp-3.19.2.dist-info/METADATA,sha256=UIrk_kMIHGSwsKKChYizqMw0MMZpPRZ2ZiVpQAsN_bE,3575..zipp-3.19.2.dist-info/RECORD,,..zipp-3.19.2.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..zipp-3.19.2.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..zipp-3.19.2.dist-info/top_level.txt,sha256=iAbdoSHfaGqBfVb2XuR9JqSQHCoOsOtG6y9C_LSpqFw,5..zipp/__init__.py,sha256=QuI1g00G4fRAcGt-HqbV0oWIkmSgedCGGYsHHYzNa8A,13412..zipp/__pycache__/__init__.cpython-312.pyc,,..zipp/__pycache__/glob.cpython-312.pyc,,..zipp/compat/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..zipp/compat/__pycache__/__init__.cpython-312.pyc,,..zipp/compat/__pycache__/py310.cpython-312.pyc,,..zipp/compat/py310.py,sha256=eZpkW0zRtunkhEh8jjX3gCGe22emoKCBJw72Zt4RkhA,219..zipp/glob.py,sha256=etWpnfEoRyf

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\zipp-3.19.2.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):92
                                                                                                                                                                                          Entropy (8bit):4.812622295095324
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
                                                                                                                                                                                          MD5:43136DDE7DD276932F6197BB6D676EF4
                                                                                                                                                                                          SHA1:6B13C105452C519EA0B65AC1A975BD5E19C50122
                                                                                                                                                                                          SHA-256:189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
                                                                                                                                                                                          SHA-512:E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\setuptools\_vendor\zipp-3.19.2.dist-info\top_level.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):5
                                                                                                                                                                                          Entropy (8bit):1.9219280948873623
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:m:m
                                                                                                                                                                                          MD5:9B929466EC7848714DE24BCF75AE57CB
                                                                                                                                                                                          SHA1:ECC9237295CDA9B690BE094E58FAE1458A4B0389
                                                                                                                                                                                          SHA-256:8806DDA121DF686A817D56F65EE47D26A4901C2A0EB0EB46EB2F42FCB4A9A85C
                                                                                                                                                                                          SHA-512:C8D8967BE2B5094A5D72BA4BEF5DBDA2CBF539BF3B8B916CF86854087A12DF82B51B7BF5B6EFA79898692EFD22FAD9688058448CAAB198FB708A0E661DC685EA
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:zipp.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\typeguard-4.3.0.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\typeguard-4.3.0.dist-info\LICENSE

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:Unicode text, UTF-8 text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1130
                                                                                                                                                                                          Entropy (8bit):5.118590213496374
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:qt4rWHvH0yPP3Gt6Hw1hP9QHmsUv48OV/+dho3BoqxFB:/S/lPvKhlQHms5QK3WmFB
                                                                                                                                                                                          MD5:F0E423EEA5C91E7AA21BDB70184B3E53
                                                                                                                                                                                          SHA1:A51CCDCB7A9D8C2116D1DFC16F11B3C8A5830F67
                                                                                                                                                                                          SHA-256:6163F7987DFB38D6BC320CE2B70B2F02B862BC41126516D552EF1CD43247E758
                                                                                                                                                                                          SHA-512:8BE742880E6E8495C7EC4C9ECC8F076A9FC9D64FC84B3AEBBC8D2D10DC62AC2C5053F33B716212DCB76C886A9C51619F262C460FC4B39A335CE1AE2C9A8769A8
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:This is the MIT license: http://www.opensource.org/licenses/mit-license.php..Copyright (c) Alex Gr.nholm..Permission is hereby granted, free of charge, to any person obtaining a copy of this.software and associated documentation files (the "Software"), to deal in the Software.without restriction, including without limitation the rights to use, copy, modify, merge,.publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons.to whom the Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included in all copies or.substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,.INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR.PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE.FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF C

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\typeguard-4.3.0.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:Unicode text, UTF-8 text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):3717
                                                                                                                                                                                          Entropy (8bit):4.986068381037722
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:DSQRbraktjaAckH94jQnJIK04Fak/grjspC3EklAJj:/Rakd4jA7ak/gvspNWmj
                                                                                                                                                                                          MD5:B6DAAC02F66AC8403E9061881322BABE
                                                                                                                                                                                          SHA1:9A94672CCFEA06156A5F8A321CD0626CFD233AE8
                                                                                                                                                                                          SHA-256:CF675C1C0A744F08580855390DE87CC77D676B312582E8D4CFDB5BB8FD298D21
                                                                                                                                                                                          SHA-512:9C6B7326C90396AA9E962C2731A1085EDB672B5696F95F552D13350843C09A246E0BBF0EC484862DFF434FA5A86DE4C0B7C963958ADE35A066B9D2384076DD47
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: typeguard.Version: 4.3.0.Summary: Run-time type checker for Python.Author-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.License: MIT.Project-URL: Documentation, https://typeguard.readthedocs.io/en/latest/.Project-URL: Change log, https://typeguard.readthedocs.io/en/latest/versionhistory.html.Project-URL: Source code, https://github.com/agronholm/typeguard.Project-URL: Issue tracker, https://github.com/agronholm/typeguard/issues.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Python: >=3.8.Description-Content

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\typeguard-4.3.0.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2402
                                                                                                                                                                                          Entropy (8bit):5.729208478282605
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:eDnuX3DVED9HDDeDfPDLkAosGDlDiVoBFj7XH0H3HuwVB6Kgfkx7J/Q1NK1cQyxk:eyX3WRHDiLPjksV7I47J/Q1U6Qyx5fsJ
                                                                                                                                                                                          MD5:D680B2881597974ACD91750E5AB61010
                                                                                                                                                                                          SHA1:E00ED2416B5CE21641E3946905504D62D536972F
                                                                                                                                                                                          SHA-256:48A51959582478352275428CEECD78EF77D79AC9DAE796E39A2EAF2540282552
                                                                                                                                                                                          SHA-512:112172ACB515B0712AC58D78898EB159580ADA3DD3F16AABB37CB7A8D964F9E4BADF2869A245927B83B208D56904831C0F04ED925C95DFCB705801734FB0C7BA
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:typeguard-4.3.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..typeguard-4.3.0.dist-info/LICENSE,sha256=YWP3mH37ONa8MgzitwsvArhivEESZRbVUu8c1DJH51g,1130..typeguard-4.3.0.dist-info/METADATA,sha256=z2dcHAp0TwhYCFU5Deh8x31nazElgujUz9tbuP0pjSE,3717..typeguard-4.3.0.dist-info/RECORD,,..typeguard-4.3.0.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92..typeguard-4.3.0.dist-info/entry_points.txt,sha256=qp7NQ1aLtiSgMQqo6gWlfGpy0IIXzoMJmeQTLpzqFZQ,48..typeguard-4.3.0.dist-info/top_level.txt,sha256=4z28AhuDodwRS_c1J_l8H51t5QuwfTseskYzlxp6grs,10..typeguard/__init__.py,sha256=Onh4w38elPCjtlcU3JY9k3h70NjsxXIkAflmQn-Z0FY,2071..typeguard/__pycache__/__init__.cpython-312.pyc,,..typeguard/__pycache__/_checkers.cpython-312.pyc,,..typeguard/__pycache__/_config.cpython-312.pyc,,..typeguard/__pycache__/_decorators.cpython-312.pyc,,..typeguard/__pycache__/_exceptions.cpython-312.pyc,,..typeguard/__pycache__/_functions.cpython-312.pyc,,..typeguard/__pycache__/_i

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\typeguard-4.3.0.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):92
                                                                                                                                                                                          Entropy (8bit):4.812622295095324
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeX7MWcSlVlFxP+tPCCfA5S:RtBMwlVTxWBBf
                                                                                                                                                                                          MD5:43136DDE7DD276932F6197BB6D676EF4
                                                                                                                                                                                          SHA1:6B13C105452C519EA0B65AC1A975BD5E19C50122
                                                                                                                                                                                          SHA-256:189EEDFE4581172C1B6A02B97A8F48A14C0B5BAA3239E4CA990FBD8871553714
                                                                                                                                                                                          SHA-512:E7712BA7D36DEB083EBCC3B641AD3E7D19FB071EE64AE3A35AD6A50EE882B20CD2E60CA1319199DF12584FE311A6266EC74F96A3FB67E59F90C7B5909668AEE1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: bdist_wheel (0.43.0).Root-Is-Purelib: true.Tag: py3-none-any..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\typeguard-4.3.0.dist-info\entry_points.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):48
                                                                                                                                                                                          Entropy (8bit):4.155187698990101
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:mWSJCQEjMitjHfLvn:mrMJHfbn
                                                                                                                                                                                          MD5:AEAB5BCF8BF89A51C97C4CDF70578848
                                                                                                                                                                                          SHA1:2E9C1617560AB66431AAB90700DB901985293485
                                                                                                                                                                                          SHA-256:AA9ECD43568BB624A0310AA8EA05A57C6A72D08217CE830999E4132E9CEA1594
                                                                                                                                                                                          SHA-512:2BE73E99296DF26A28835F91DD8BC50EB104AF06A3C54666175FAF322E0AD4620453DB0388531C4113B052A92C1D2E4C3088E25AF43CDE42AA852CF7B0CB5B05
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:[pytest11].typeguard = typeguard._pytest_plugin.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\typeguard-4.3.0.dist-info\top_level.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):10
                                                                                                                                                                                          Entropy (8bit):3.321928094887362
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:LEJn:M
                                                                                                                                                                                          MD5:004A2A8CE1AB120A63902A27D76BD964
                                                                                                                                                                                          SHA1:A4E367AB40410598DADD1FC5F680ED7A176BEB09
                                                                                                                                                                                          SHA-256:E33DBC021B83A1DC114BF73527F97C1F9D6DE50BB07D3B1EB24633971A7A82BB
                                                                                                                                                                                          SHA-512:0D8FF9A43897AB390AB41AFE5BAC8BD38A68C2BEF88E844E5B49BF70E3164B226975CC2717AE3DC3428D1CFBB0BE068C243F104915FEE1FFA58C23FBE76FDB89
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:typeguard.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\unicodedata.pyd

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):302872
                                                                                                                                                                                          Entropy (8bit):7.986490052260418
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:6144:EtX6biS7ltWh4BvaEyS+KPUR30JlSEwV7hqoUnJG4qKOF6J:EZLS5YiyEFPPl3yqrJG4V06J
                                                                                                                                                                                          MD5:71A9251C68EE8772F514ADAEA332E20D
                                                                                                                                                                                          SHA1:3392737A6869B4DA869D2A0B9C597DC1355915C4
                                                                                                                                                                                          SHA-256:8419E45441A5967C8156DA0A2A5866CB09D04CD566F8113255C930B7351F50EB
                                                                                                                                                                                          SHA-512:4EC0B64E8ED9153305705FB247C918631EAF4407DAF20CCFB60A325EEE7485F856ADD080FB5B676A48D845E943C30A13A44671F74CD8A6A096CBD81F49F0E418
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Antivirus:
                                                                                                                                                                                          • Antivirus: ReversingLabs, Detection: 3%
                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......w...3m..3m..3m..:...5m......1m......>m......;m......0m......0m..x...1m..3m..cm......2m......2m....j.2m......2m..Rich3m..................PE..d...]..e.........." ...#.`.......0.......@................................................`.............................................X....................@..........................................................@...........................................UPX0.....0..............................UPX1.....`...@...^..................@....rsrc................b..............@......................................................................................................................................................................................................................................................................................................................................................4.00.UPX!.$..

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\wheel-0.43.0.dist-info\INSTALLER

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4
                                                                                                                                                                                          Entropy (8bit):1.5
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:Mn:M
                                                                                                                                                                                          MD5:365C9BFEB7D89244F2CE01C1DE44CB85
                                                                                                                                                                                          SHA1:D7A03141D5D6B1E88B6B59EF08B6681DF212C599
                                                                                                                                                                                          SHA-256:CEEBAE7B8927A3227E5303CF5E0F1F7B34BB542AD7250AC03FBCDE36EC2F1508
                                                                                                                                                                                          SHA-512:D220D322A4053D84130567D626A9F7BB2FB8F0B854DA1621F001826DC61B0ED6D3F91793627E6F0AC2AC27AEA2B986B6A7A63427F05FE004D8A2ADFBDADC13C1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:pip.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\wheel-0.43.0.dist-info\LICENSE.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):1107
                                                                                                                                                                                          Entropy (8bit):5.115074330424529
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:24:PWmrRONJHLH0cPP3gtkHw1h39QHOsUv4eOk4/+jvho3nPz:ttONJbbvE/NQHOs5eNS3n7
                                                                                                                                                                                          MD5:7FFB0DB04527CFE380E4F2726BD05EBF
                                                                                                                                                                                          SHA1:5B39C45A91A556E5F1599604F1799E4027FA0E60
                                                                                                                                                                                          SHA-256:30C23618679108F3E8EA1D2A658C7CA417BDFC891C98EF1A89FA4FF0C9828654
                                                                                                                                                                                          SHA-512:205F284F3A7E8E696C70ED7B856EE98C1671C68893F0952EEC40915A383BC452B99899BDC401F9FE161A1BF9B6E2CEA3BCD90615EEE9173301657A2CE4BAFE14
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:MIT License..Copyright (c) 2012 Daniel Holth <dholth@fastmail.fm> and contributors..Permission is hereby granted, free of charge, to any person obtaining a.copy of this software and associated documentation files (the "Software"),.to deal in the Software without restriction, including without limitation.the rights to use, copy, modify, merge, publish, distribute, sublicense,.and/or sell copies of the Software, and to permit persons to whom the.Software is furnished to do so, subject to the following conditions:..The above copyright notice and this permission notice shall be included.in all copies or substantial portions of the Software...THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,.FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL.THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR.OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERW

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\wheel-0.43.0.dist-info\METADATA

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:Unicode text, UTF-8 text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):2153
                                                                                                                                                                                          Entropy (8bit):5.088249746074878
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:48:DEhpFu5MktjaywDK48d+md+7uT8RfkD1UKd+mOl1Awry:DEhpiMktjayq/7kOfsUzmbYy
                                                                                                                                                                                          MD5:EBEA27DA14E3F453119DC72D84343E8C
                                                                                                                                                                                          SHA1:7CEB6DBE498B69ABF4087637C6F500742FF7E2B4
                                                                                                                                                                                          SHA-256:59BAC22B00A59D3E5608A56B8CF8EFC43831A36B72792EE4389C9CD4669C7841
                                                                                                                                                                                          SHA-512:A41593939B9325D40CB67FD3F41CD1C9E9978F162487FB469094C41440B5F48016B9A66BE2E6E4A0406D6EEDB25CE4F5A860BA1E3DC924B81F63CEEE3AE31117
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Metadata-Version: 2.1.Name: wheel.Version: 0.43.0.Summary: A built-package format for Python.Keywords: wheel,packaging.Author-email: Daniel Holth <dholth@fastmail.fm>.Maintainer-email: Alex Gr.nholm <alex.gronholm@nextday.fi>.Requires-Python: >=3.8.Description-Content-Type: text/x-rst.Classifier: Development Status :: 5 - Production/Stable.Classifier: Intended Audience :: Developers.Classifier: Topic :: System :: Archiving :: Packaging.Classifier: License :: OSI Approved :: MIT License.Classifier: Programming Language :: Python.Classifier: Programming Language :: Python :: 3 :: Only.Classifier: Programming Language :: Python :: 3.8.Classifier: Programming Language :: Python :: 3.9.Classifier: Programming Language :: Python :: 3.10.Classifier: Programming Language :: Python :: 3.11.Classifier: Programming Language :: Python :: 3.12.Requires-Dist: pytest >= 6.0.0 ; extra == "test".Requires-Dist: setuptools >= 65 ; extra == "test".Project-URL: Changelog, https://wheel.readthedocs.io/en/s

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\wheel-0.43.0.dist-info\RECORD

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:CSV text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):4557
                                                                                                                                                                                          Entropy (8bit):5.714200636114494
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:96:QXVuEmegx01TQIvFCiq9H/H7vp88FxTXiJPkGJP4CWweXQHmnDpMI78IegK5EeZR:QXVxAbYkU4CWweXQHmnDpMeV2BvTRqQF
                                                                                                                                                                                          MD5:44D352C4997560C7BFB82D9360F5985A
                                                                                                                                                                                          SHA1:BE58C7B8AB32790384E4E4F20865C4A88414B67A
                                                                                                                                                                                          SHA-256:783E654742611AF88CD9F00BF01A431A219DB536556E63FF981C7BD673070AC9
                                                                                                                                                                                          SHA-512:281B1D939A560E6A08D0606E5E8CE15F086B4B45738AB41ED6B5821968DC8D764CD6B25DB6BA562A07018C271ABF17A6BC5A380FAD05696ADF1D11EE2C5749C8
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:../../bin/wheel,sha256=cT2EHbrv-J-UyUXu26cDY-0I7RgcruysJeHFanT1Xfo,249..wheel-0.43.0.dist-info/INSTALLER,sha256=zuuue4knoyJ-UwPPXg8fezS7VCrXJQrAP7zeNuwvFQg,4..wheel-0.43.0.dist-info/LICENSE.txt,sha256=MMI2GGeRCPPo6h0qZYx8pBe9_IkcmO8aifpP8MmChlQ,1107..wheel-0.43.0.dist-info/METADATA,sha256=WbrCKwClnT5WCKVrjPjvxDgxo2tyeS7kOJyc1GaceEE,2153..wheel-0.43.0.dist-info/RECORD,,..wheel-0.43.0.dist-info/REQUESTED,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0..wheel-0.43.0.dist-info/WHEEL,sha256=EZbGkh7Ie4PoZfRQ8I0ZuP9VklN_TvcZ6DSE5Uar4z4,81..wheel-0.43.0.dist-info/entry_points.txt,sha256=rTY1BbkPHhkGMm4Q3F0pIzJBzW2kMxoG1oriffvGdA0,104..wheel/__init__.py,sha256=D6jhH00eMzbgrXGAeOwVfD5i-lCAMMycuG1L0useDlo,59..wheel/__main__.py,sha256=NkMUnuTCGcOkgY0IBLgBCVC_BGGcWORx2K8jYGS12UE,455..wheel/__pycache__/__init__.cpython-312.pyc,,..wheel/__pycache__/__main__.cpython-312.pyc,,..wheel/__pycache__/_setuptools_logging.cpython-312.pyc,,..wheel/__pycache__/bdist_wheel.cpython-312.pyc,,..wheel/__pycache

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\wheel-0.43.0.dist-info\WHEEL

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):81
                                                                                                                                                                                          Entropy (8bit):4.672346887071811
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:RtEeX/QFM+vxP+tPCCfA5I:Rt1Qq2WBB3
                                                                                                                                                                                          MD5:24019423EA7C0C2DF41C8272A3791E7B
                                                                                                                                                                                          SHA1:AAE9ECFB44813B68CA525BA7FA0D988615399C86
                                                                                                                                                                                          SHA-256:1196C6921EC87B83E865F450F08D19B8FF5592537F4EF719E83484E546ABE33E
                                                                                                                                                                                          SHA-512:09AB8E4DAA9193CFDEE6CF98CCAE9DB0601F3DCD4944D07BF3AE6FA5BCB9DC0DCAFD369DE9A650A38D1B46C758DB0721EBA884446A8A5AD82BB745FD5DB5F9B1
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:Wheel-Version: 1.0.Generator: flit 3.9.0.Root-Is-Purelib: true.Tag: py3-none-any.

                                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\_MEI44642\wheel-0.43.0.dist-info\entry_points.txt

                                                                                                                                                                                          Download File
                                                                                                                                                                                          Process:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File Type:ASCII text
                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                          Size (bytes):104
                                                                                                                                                                                          Entropy (8bit):4.271713330022269
                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                          SSDEEP:3:1SSAnAYgh+MWTMhk6WjrAM5t5ln:1Jb9WTMhk9jUM5t5ln
                                                                                                                                                                                          MD5:6180E17C30BAE5B30DB371793FCE0085
                                                                                                                                                                                          SHA1:E3A12C421562A77D90A13D8539A3A0F4D3228359
                                                                                                                                                                                          SHA-256:AD363505B90F1E1906326E10DC5D29233241CD6DA4331A06D68AE27DFBC6740D
                                                                                                                                                                                          SHA-512:69EAE7B1E181D7BA1D3E2864D31E1320625A375E76D3B2FBF8856B3B6515936ACE3138D4D442CABDE7576FCFBCBB0DEED054D90B95CFA1C99829DB12A9031E26
                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                          Preview:[console_scripts].wheel=wheel.cli:main..[distutils.commands].bdist_wheel=wheel.bdist_wheel:bdist_wheel..

                                                                                                                                                                                          Static File Info

                                                                                                                                                                                          General

                                                                                                                                                                                          File type:PE32+ executable (GUI) x86-64, for MS Windows
                                                                                                                                                                                          Entropy (8bit):7.995301588612392
                                                                                                                                                                                          TrID:
                                                                                                                                                                                          • Win64 Executable GUI (202006/5) 92.65%
                                                                                                                                                                                          • Win64 Executable (generic) (12005/4) 5.51%
                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.92%
                                                                                                                                                                                          • DOS Executable Generic (2002/1) 0.92%
                                                                                                                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                          File name:OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          File size:14'281'848 bytes
                                                                                                                                                                                          MD5:287d64f35d7b81c26ca8cf2f2f6cf993
                                                                                                                                                                                          SHA1:1f2a847fb81c3d4b488482bfade573ab4fc3c2c1
                                                                                                                                                                                          SHA256:b3c3cdd9e888ab607b9e146cf83cdca6b9810c2350c95ecea6b2990b9aba955a
                                                                                                                                                                                          SHA512:366ea2193c13bb1cf1883b36b9187d086739a814bff8d9ff569b828a748c0e3d7a6003d1a9bb3a0684d6948d78dacd6ca58db7469a27aaa632208289f54f317c
                                                                                                                                                                                          SSDEEP:196608:SSuQ2LmHeRAQVcemXyuSyTde8BLjv+bhqNVolJD7fEXEoYdM2xv/k98pIKy02s5C:/92LWeftByxjZL+9qzgJD7fEU0PXMR+T
                                                                                                                                                                                          TLSH:2EE6335CA7940892ED961139DBA7C5579A77BC4E1B10FB8F1EB832201A7F1F53836E20
                                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........Zpc.Zpc.Zpc...`.]pc...f..pc...g.Ppc.....Ypc...`.Spc...g.Kpc...f.rpc...b.Qpc.Zpb..pc.O.g.Cpc.O.a.[pc.RichZpc.........PE..d..

                                                                                                                                                                                          File Icon

                                                                                                                                                                                          Icon Hash:0f694ddad6cc7113

                                                                                                                                                                                          Static PE Info

                                                                                                                                                                                          General

                                                                                                                                                                                          Entrypoint:0x14000cdb0
                                                                                                                                                                                          Entrypoint Section:.text
                                                                                                                                                                                          Digitally signed:true
                                                                                                                                                                                          Imagebase:0x140000000
                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                          Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                          DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, GUARD_CF, TERMINAL_SERVER_AWARE
                                                                                                                                                                                          Time Stamp:0x6728E204 [Mon Nov 4 15:02:28 2024 UTC]
                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                          OS Version Major:6
                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                          File Version Major:6
                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                          Subsystem Version Major:6
                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                          Import Hash:72c4e339b7af8ab1ed2eb3821c98713a

                                                                                                                                                                                          Authenticode Signature

                                                                                                                                                                                          Signature Valid:false
                                                                                                                                                                                          Signature Issuer:CN=SSL.com EV Code Signing Intermediate CA RSA R3, O=SSL Corp, L=Houston, S=Texas, C=US
                                                                                                                                                                                          Signature Validation Error:A certificate was explicitly revoked by its issuer
                                                                                                                                                                                          Error Number:-2146762484
                                                                                                                                                                                          Not Before, Not After
                                                                                                                                                                                          • 08/08/2024 09:03:06 08/08/2025 09:03:06
                                                                                                                                                                                          Subject Chain
                                                                                                                                                                                          • OID.1.3.6.1.4.1.311.60.2.1.3=GB, OID.2.5.4.15=Private Organization, CN=Gma Technology Ltd, SERIALNUMBER=09959900, O=Gma Technology Ltd, L=London, S=England, C=GB
                                                                                                                                                                                          Version:3
                                                                                                                                                                                          Thumbprint MD5:61BFE0E3290780EA4A7C3B68E122566F
                                                                                                                                                                                          Thumbprint SHA-1:B5552BF22175AF5D4E9E54B5086B89E8913DB7B9
                                                                                                                                                                                          Thumbprint SHA-256:BF52C8DD5FE9D6C95EC7A55D9E8D6EEBDF7DD8104FDFE4EC5435C8F282CC83C0
                                                                                                                                                                                          Serial:130E3B9CA29F3AB9F3EB6C78CEE34E7C

                                                                                                                                                                                          Entrypoint Preview

                                                                                                                                                                                          Instruction
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          sub esp, 28h
                                                                                                                                                                                          call 00007FCE715B411Ch
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          add esp, 28h
                                                                                                                                                                                          jmp 00007FCE715B3D3Fh
                                                                                                                                                                                          int3
                                                                                                                                                                                          int3
                                                                                                                                                                                          int3
                                                                                                                                                                                          int3
                                                                                                                                                                                          int3
                                                                                                                                                                                          int3
                                                                                                                                                                                          int3
                                                                                                                                                                                          int3
                                                                                                                                                                                          int3
                                                                                                                                                                                          int3
                                                                                                                                                                                          int3
                                                                                                                                                                                          int3
                                                                                                                                                                                          int3
                                                                                                                                                                                          int3
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          sub esp, 28h
                                                                                                                                                                                          call 00007FCE715B44E8h
                                                                                                                                                                                          test eax, eax
                                                                                                                                                                                          je 00007FCE715B3EE3h
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          mov eax, dword ptr [00000030h]
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          mov ecx, dword ptr [eax+08h]
                                                                                                                                                                                          jmp 00007FCE715B3EC7h
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          cmp ecx, eax
                                                                                                                                                                                          je 00007FCE715B3ED6h
                                                                                                                                                                                          xor eax, eax
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          cmpxchg dword ptr [0003577Ch], ecx
                                                                                                                                                                                          jne 00007FCE715B3EB0h
                                                                                                                                                                                          xor al, al
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          add esp, 28h
                                                                                                                                                                                          ret
                                                                                                                                                                                          mov al, 01h
                                                                                                                                                                                          jmp 00007FCE715B3EB9h
                                                                                                                                                                                          int3
                                                                                                                                                                                          int3
                                                                                                                                                                                          int3
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          sub esp, 28h
                                                                                                                                                                                          test ecx, ecx
                                                                                                                                                                                          jne 00007FCE715B3EC9h
                                                                                                                                                                                          mov byte ptr [00035765h], 00000001h
                                                                                                                                                                                          call 00007FCE715B3615h
                                                                                                                                                                                          call 00007FCE715B4900h
                                                                                                                                                                                          test al, al
                                                                                                                                                                                          jne 00007FCE715B3EC6h
                                                                                                                                                                                          xor al, al
                                                                                                                                                                                          jmp 00007FCE715B3ED6h
                                                                                                                                                                                          call 00007FCE715C141Fh
                                                                                                                                                                                          test al, al
                                                                                                                                                                                          jne 00007FCE715B3ECBh
                                                                                                                                                                                          xor ecx, ecx
                                                                                                                                                                                          call 00007FCE715B4910h
                                                                                                                                                                                          jmp 00007FCE715B3EACh
                                                                                                                                                                                          mov al, 01h
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          add esp, 28h
                                                                                                                                                                                          ret
                                                                                                                                                                                          int3
                                                                                                                                                                                          int3
                                                                                                                                                                                          inc eax
                                                                                                                                                                                          push ebx
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          sub esp, 20h
                                                                                                                                                                                          cmp byte ptr [0003572Ch], 00000000h
                                                                                                                                                                                          mov ebx, ecx
                                                                                                                                                                                          jne 00007FCE715B3F29h
                                                                                                                                                                                          cmp ecx, 01h
                                                                                                                                                                                          jnbe 00007FCE715B3F2Ch
                                                                                                                                                                                          call 00007FCE715B445Eh
                                                                                                                                                                                          test eax, eax
                                                                                                                                                                                          je 00007FCE715B3EEAh
                                                                                                                                                                                          test ebx, ebx
                                                                                                                                                                                          jne 00007FCE715B3EE6h
                                                                                                                                                                                          dec eax
                                                                                                                                                                                          lea ecx, dword ptr [00035716h]
                                                                                                                                                                                          call 00007FCE715C1212h

                                                                                                                                                                                          Data Directories

                                                                                                                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x3ca5c0x78.rdata
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x470000x10e34.rsrc
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x440000x2250.pdata
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0xd9c6180x2660
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x580000x764.reloc
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x3a0800x1c.rdata
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x39f400x140.rdata
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x2b0000x4a0.rdata
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                          Sections

                                                                                                                                                                                          NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                          .text0x10000x29f000x2a000a6c3b829cc8eaabb1a474c227e90407fFalse0.5514206659226191data6.487493643901088IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                          .rdata0x2b0000x12a500x12c00c081689daf3e2f1be7927b739fd6baaeFalse0.5245182291666667data5.752799791242775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                          .data0x3e0000x53f80xe00dba0caeecab624a0ccc0d577241601d1False0.134765625data1.8392217063172436IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                          .pdata0x440000x22500x2400181312260a85d10a1454ba38901c499bFalse0.4705946180555556data5.290347578351011IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                          .rsrc0x470000x10e340x110005d9bab8e522a811203c28bb8c3ba5d50False0.16312902113970587data3.714460094225067IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                          .reloc0x580000x7640x800816c68eeb419ee2c08656c31c06a0fffFalse0.5576171875data5.2809528666624175IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                          Resources

                                                                                                                                                                                          NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                          RT_ICON0x470e80x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536, resolution 60472 x 60472 px/m0.15525553058085886
                                                                                                                                                                                          RT_GROUP_ICON0x579100x14data1.15
                                                                                                                                                                                          RT_MANIFEST0x579240x50dXML 1.0 document, ASCII text0.4694508894044857

                                                                                                                                                                                          Imports

                                                                                                                                                                                          DLLImport
                                                                                                                                                                                          USER32.dllCreateWindowExW, ShutdownBlockReasonCreate, MsgWaitForMultipleObjects, ShowWindow, DestroyWindow, RegisterClassW, DefWindowProcW, PeekMessageW, DispatchMessageW, TranslateMessage, PostMessageW, GetMessageW, MessageBoxW, MessageBoxA, SystemParametersInfoW, DestroyIcon, SetWindowLongPtrW, GetWindowLongPtrW, GetClientRect, InvalidateRect, ReleaseDC, GetDC, DrawTextW, GetDialogBaseUnits, EndDialog, DialogBoxIndirectParamW, MoveWindow, SendMessageW
                                                                                                                                                                                          COMCTL32.dll
                                                                                                                                                                                          KERNEL32.dllGetACP, IsValidCodePage, GetStringTypeW, GetFileAttributesExW, SetEnvironmentVariableW, FlushFileBuffers, GetCurrentDirectoryW, LCMapStringW, CompareStringW, FlsFree, GetOEMCP, GetCPInfo, GetModuleHandleW, MulDiv, FormatMessageW, GetLastError, GetModuleFileNameW, LoadLibraryExW, SetDllDirectoryW, CreateSymbolicLinkW, GetProcAddress, GetEnvironmentStringsW, GetCommandLineW, GetEnvironmentVariableW, ExpandEnvironmentStringsW, DeleteFileW, FindClose, FindFirstFileW, FindNextFileW, GetDriveTypeW, RemoveDirectoryW, GetTempPathW, CloseHandle, QueryPerformanceCounter, QueryPerformanceFrequency, WaitForSingleObject, Sleep, GetCurrentProcess, TerminateProcess, GetExitCodeProcess, CreateProcessW, GetStartupInfoW, FreeLibrary, LocalFree, SetConsoleCtrlHandler, K32EnumProcessModules, K32GetModuleFileNameExW, CreateFileW, FindFirstFileExW, GetFinalPathNameByHandleW, MultiByteToWideChar, WideCharToMultiByte, FlsSetValue, FreeEnvironmentStringsW, GetProcessHeap, GetTimeZoneInformation, HeapSize, HeapReAlloc, WriteConsoleW, SetEndOfFile, CreateDirectoryW, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetCurrentThreadId, GetSystemTimeAsFileTime, InitializeSListHead, IsDebuggerPresent, RtlUnwindEx, SetLastError, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, RaiseException, RtlPcToFileHeader, GetCommandLineA, GetFileInformationByHandle, GetFileType, PeekNamedPipe, SystemTimeToTzSpecificLocalTime, FileTimeToSystemTime, ReadFile, GetFullPathNameW, SetStdHandle, GetStdHandle, WriteFile, ExitProcess, GetModuleHandleExW, HeapFree, GetConsoleMode, ReadConsoleW, SetFilePointerEx, GetConsoleOutputCP, GetFileSizeEx, HeapAlloc, FlsAlloc, FlsGetValue
                                                                                                                                                                                          ADVAPI32.dllOpenProcessToken, GetTokenInformation, ConvertStringSecurityDescriptorToSecurityDescriptorW, ConvertSidToStringSidW
                                                                                                                                                                                          GDI32.dllSelectObject, DeleteObject, CreateFontIndirectW

                                                                                                                                                                                          Network Behavior

                                                                                                                                                                                          Network Port Distribution

                                                                                                                                                                                          TCP Packets

                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                          Nov 14, 2024 12:33:17.825192928 CET49709443192.168.2.534.117.59.81
                                                                                                                                                                                          Nov 14, 2024 12:33:17.825226068 CET4434970934.117.59.81192.168.2.5
                                                                                                                                                                                          Nov 14, 2024 12:33:17.825287104 CET49709443192.168.2.534.117.59.81
                                                                                                                                                                                          Nov 14, 2024 12:33:17.825875998 CET49709443192.168.2.534.117.59.81
                                                                                                                                                                                          Nov 14, 2024 12:33:17.825885057 CET4434970934.117.59.81192.168.2.5
                                                                                                                                                                                          Nov 14, 2024 12:33:18.444261074 CET4434970934.117.59.81192.168.2.5
                                                                                                                                                                                          Nov 14, 2024 12:33:18.444772959 CET49709443192.168.2.534.117.59.81
                                                                                                                                                                                          Nov 14, 2024 12:33:18.444787979 CET4434970934.117.59.81192.168.2.5
                                                                                                                                                                                          Nov 14, 2024 12:33:18.446322918 CET4434970934.117.59.81192.168.2.5
                                                                                                                                                                                          Nov 14, 2024 12:33:18.446419954 CET49709443192.168.2.534.117.59.81
                                                                                                                                                                                          Nov 14, 2024 12:33:18.447696924 CET49709443192.168.2.534.117.59.81
                                                                                                                                                                                          Nov 14, 2024 12:33:18.447844028 CET4434970934.117.59.81192.168.2.5
                                                                                                                                                                                          Nov 14, 2024 12:33:18.448033094 CET49709443192.168.2.534.117.59.81
                                                                                                                                                                                          Nov 14, 2024 12:33:18.448172092 CET49709443192.168.2.534.117.59.81
                                                                                                                                                                                          Nov 14, 2024 12:33:19.794739008 CET497113000192.168.2.595.215.204.231
                                                                                                                                                                                          Nov 14, 2024 12:33:19.799701929 CET30004971195.215.204.231192.168.2.5
                                                                                                                                                                                          Nov 14, 2024 12:33:19.799776077 CET497113000192.168.2.595.215.204.231
                                                                                                                                                                                          Nov 14, 2024 12:33:19.799896002 CET497113000192.168.2.595.215.204.231
                                                                                                                                                                                          Nov 14, 2024 12:33:19.799916983 CET497113000192.168.2.595.215.204.231
                                                                                                                                                                                          Nov 14, 2024 12:33:19.804721117 CET30004971195.215.204.231192.168.2.5
                                                                                                                                                                                          Nov 14, 2024 12:33:19.804749966 CET30004971195.215.204.231192.168.2.5
                                                                                                                                                                                          Nov 14, 2024 12:33:20.392416954 CET30004971195.215.204.231192.168.2.5
                                                                                                                                                                                          Nov 14, 2024 12:33:20.392529011 CET497113000192.168.2.595.215.204.231
                                                                                                                                                                                          Nov 14, 2024 12:33:20.392658949 CET497113000192.168.2.595.215.204.231
                                                                                                                                                                                          Nov 14, 2024 12:33:20.397583961 CET30004971195.215.204.231192.168.2.5

                                                                                                                                                                                          UDP Packets

                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                          Nov 14, 2024 12:33:17.814379930 CET5801553192.168.2.51.1.1.1
                                                                                                                                                                                          Nov 14, 2024 12:33:17.821511030 CET53580151.1.1.1192.168.2.5
                                                                                                                                                                                          Nov 14, 2024 12:33:35.765485048 CET5359174162.159.36.2192.168.2.5
                                                                                                                                                                                          Nov 14, 2024 12:33:36.377612114 CET5808353192.168.2.51.1.1.1
                                                                                                                                                                                          Nov 14, 2024 12:33:36.385116100 CET53580831.1.1.1192.168.2.5

                                                                                                                                                                                          DNS Queries

                                                                                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                          Nov 14, 2024 12:33:17.814379930 CET192.168.2.51.1.1.10xc3c7Standard query (0)ipinfo.ioA (IP address)IN (0x0001)false
                                                                                                                                                                                          Nov 14, 2024 12:33:36.377612114 CET192.168.2.51.1.1.10x8edbStandard query (0)171.39.242.20.in-addr.arpaPTR (Pointer record)IN (0x0001)false

                                                                                                                                                                                          DNS Answers

                                                                                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                          Nov 14, 2024 12:33:17.821511030 CET1.1.1.1192.168.2.50xc3c7No error (0)ipinfo.io34.117.59.81A (IP address)IN (0x0001)false
                                                                                                                                                                                          Nov 14, 2024 12:33:36.385116100 CET1.1.1.1192.168.2.50x8edbName error (3)171.39.242.20.in-addr.arpanonenonePTR (Pointer record)IN (0x0001)false

                                                                                                                                                                                          HTTP Request Dependency Graph

                                                                                                                                                                                          • 95.215.204.231:3000

                                                                                                                                                                                          HTTP Packets

                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                          0192.168.2.54971195.215.204.23130001496C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          TimestampBytes transferredDirectionData
                                                                                                                                                                                          Nov 14, 2024 12:33:19.799896002 CET223OUTPOST /register-client HTTP/1.1
                                                                                                                                                                                          Host: 95.215.204.231:3000
                                                                                                                                                                                          User-Agent: python-requests/2.32.3
                                                                                                                                                                                          Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                          Content-Length: 428
                                                                                                                                                                                          Content-Type: application/json


                                                                                                                                                                                          Statistics

                                                                                                                                                                                          CPU Usage

                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                          Memory Usage

                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                          High Level Behavior Distribution

                                                                                                                                                                                          Click to dive into process behavior distribution

                                                                                                                                                                                          Behavior

                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                          System Behavior

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:0
                                                                                                                                                                                          Start time:06:33:04
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe"
                                                                                                                                                                                          Imagebase:0x7ff689c90000
                                                                                                                                                                                          File size:14'281'848 bytes
                                                                                                                                                                                          MD5 hash:287D64F35D7B81C26CA8CF2F2F6CF993
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:2
                                                                                                                                                                                          Start time:06:33:08
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:"C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe"
                                                                                                                                                                                          Imagebase:0x7ff689c90000
                                                                                                                                                                                          File size:14'281'848 bytes
                                                                                                                                                                                          MD5 hash:287D64F35D7B81C26CA8CF2F2F6CF993
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                          Has exited:false

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:3
                                                                                                                                                                                          Start time:06:33:11
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:wmic bios get serialnumber
                                                                                                                                                                                          Imagebase:0x7ff6bdaf0000
                                                                                                                                                                                          File size:576'000 bytes
                                                                                                                                                                                          MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:4
                                                                                                                                                                                          Start time:06:33:11
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:5
                                                                                                                                                                                          Start time:06:33:14
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c "tasklist | findstr process_explorer"
                                                                                                                                                                                          Imagebase:0x7ff629aa0000
                                                                                                                                                                                          File size:289'792 bytes
                                                                                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:6
                                                                                                                                                                                          Start time:06:33:14
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:7
                                                                                                                                                                                          Start time:06:33:14
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:tasklist
                                                                                                                                                                                          Imagebase:0x7ff7538c0000
                                                                                                                                                                                          File size:106'496 bytes
                                                                                                                                                                                          MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:8
                                                                                                                                                                                          Start time:06:33:14
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Windows\System32\findstr.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:findstr process_explorer
                                                                                                                                                                                          Imagebase:0x7ff7980d0000
                                                                                                                                                                                          File size:36'352 bytes
                                                                                                                                                                                          MD5 hash:804A6AE28E88689E0CF1946A6CB3FEE5
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:moderate
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:9
                                                                                                                                                                                          Start time:06:33:15
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c "tasklist | findstr wireshark"
                                                                                                                                                                                          Imagebase:0x7ff629aa0000
                                                                                                                                                                                          File size:289'792 bytes
                                                                                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:10
                                                                                                                                                                                          Start time:06:33:15
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:11
                                                                                                                                                                                          Start time:06:33:15
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:tasklist
                                                                                                                                                                                          Imagebase:0x7ff7538c0000
                                                                                                                                                                                          File size:106'496 bytes
                                                                                                                                                                                          MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:12
                                                                                                                                                                                          Start time:06:33:15
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Windows\System32\findstr.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:findstr wireshark
                                                                                                                                                                                          Imagebase:0x7ff7980d0000
                                                                                                                                                                                          File size:36'352 bytes
                                                                                                                                                                                          MD5 hash:804A6AE28E88689E0CF1946A6CB3FEE5
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:13
                                                                                                                                                                                          Start time:06:33:16
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c "tasklist | findstr ollydbg"
                                                                                                                                                                                          Imagebase:0x7ff629aa0000
                                                                                                                                                                                          File size:289'792 bytes
                                                                                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:14
                                                                                                                                                                                          Start time:06:33:16
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:15
                                                                                                                                                                                          Start time:06:33:16
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:tasklist
                                                                                                                                                                                          Imagebase:0x7ff7538c0000
                                                                                                                                                                                          File size:106'496 bytes
                                                                                                                                                                                          MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:16
                                                                                                                                                                                          Start time:06:33:16
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Windows\System32\findstr.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:findstr ollydbg
                                                                                                                                                                                          Imagebase:0x7ff7980d0000
                                                                                                                                                                                          File size:36'352 bytes
                                                                                                                                                                                          MD5 hash:804A6AE28E88689E0CF1946A6CB3FEE5
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:17
                                                                                                                                                                                          Start time:06:33:17
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\cmd.exe /c "wmic csproduct get UUID"
                                                                                                                                                                                          Imagebase:0x7ff629aa0000
                                                                                                                                                                                          File size:289'792 bytes
                                                                                                                                                                                          MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:18
                                                                                                                                                                                          Start time:06:33:17
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:19
                                                                                                                                                                                          Start time:06:33:17
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:wmic csproduct get UUID
                                                                                                                                                                                          Imagebase:0x7ff6bdaf0000
                                                                                                                                                                                          File size:576'000 bytes
                                                                                                                                                                                          MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:21
                                                                                                                                                                                          Start time:06:33:18
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Windows\System32\wbem\WMIC.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:wmic /namespace:\\root\securitycenter2 path antivirus get displayname
                                                                                                                                                                                          Imagebase:0x7ff6bdaf0000
                                                                                                                                                                                          File size:576'000 bytes
                                                                                                                                                                                          MD5 hash:C37F2F4F4B3CD128BDABCAEB2266A785
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          General

                                                                                                                                                                                          Target ID:22
                                                                                                                                                                                          Start time:06:33:18
                                                                                                                                                                                          Start date:14/11/2024
                                                                                                                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                          Imagebase:0x7ff6d64d0000
                                                                                                                                                                                          File size:862'208 bytes
                                                                                                                                                                                          MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                          Has exited:true

                                                                                                                                                                                          Disassembly

                                                                                                                                                                                          Reset < >

                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                            Execution Coverage:8.8%
                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                            Signature Coverage:20%
                                                                                                                                                                                            Total number of Nodes:2000
                                                                                                                                                                                            Total number of Limit Nodes:41
                                                                                                                                                                                            execution_graph 20211 7ff689ca5410 20212 7ff689ca541b 20211->20212 20220 7ff689caf2a4 20212->20220 20233 7ff689cb02d8 EnterCriticalSection 20220->20233 16349 7ff689caf98c 16350 7ff689cafb7e 16349->16350 16352 7ff689caf9ce _isindst 16349->16352 16351 7ff689ca4f08 memcpy_s 11 API calls 16350->16351 16369 7ff689cafb6e 16351->16369 16352->16350 16355 7ff689cafa4e _isindst 16352->16355 16353 7ff689c9c550 _log10_special 8 API calls 16354 7ff689cafb99 16353->16354 16370 7ff689cb6194 16355->16370 16360 7ff689cafbaa 16362 7ff689caa900 _isindst 17 API calls 16360->16362 16364 7ff689cafbbe 16362->16364 16367 7ff689cafaab 16367->16369 16394 7ff689cb61d8 16367->16394 16369->16353 16371 7ff689cafa6c 16370->16371 16372 7ff689cb61a3 16370->16372 16376 7ff689cb5598 16371->16376 16401 7ff689cb02d8 EnterCriticalSection 16372->16401 16377 7ff689cb55a1 16376->16377 16378 7ff689cafa81 16376->16378 16379 7ff689ca4f08 memcpy_s 11 API calls 16377->16379 16378->16360 16382 7ff689cb55c8 16378->16382 16380 7ff689cb55a6 16379->16380 16381 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 16380->16381 16381->16378 16383 7ff689cb55d1 16382->16383 16384 7ff689cafa92 16382->16384 16385 7ff689ca4f08 memcpy_s 11 API calls 16383->16385 16384->16360 16388 7ff689cb55f8 16384->16388 16386 7ff689cb55d6 16385->16386 16387 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 16386->16387 16387->16384 16389 7ff689cb5601 16388->16389 16391 7ff689cafaa3 16388->16391 16390 7ff689ca4f08 memcpy_s 11 API calls 16389->16390 16392 7ff689cb5606 16390->16392 16391->16360 16391->16367 16393 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 16392->16393 16393->16391 16402 7ff689cb02d8 EnterCriticalSection 16394->16402 20243 7ff689cbadfe 20244 7ff689cbae17 20243->20244 20245 7ff689cbae0d 20243->20245 20247 7ff689cb0338 LeaveCriticalSection 20245->20247 20034 7ff689cb16b0 20045 7ff689cb73e4 20034->20045 20046 7ff689cb73f1 20045->20046 20047 7ff689caa948 __free_lconv_num 11 API calls 20046->20047 20048 7ff689cb740d 20046->20048 20047->20046 20049 7ff689caa948 __free_lconv_num 11 API calls 20048->20049 20050 7ff689cb16b9 20048->20050 20049->20048 20051 7ff689cb02d8 EnterCriticalSection 20050->20051 15967 7ff689ca5628 15968 7ff689ca565f 15967->15968 15969 7ff689ca5642 15967->15969 15968->15969 15970 7ff689ca5672 CreateFileW 15968->15970 16018 7ff689ca4ee8 15969->16018 15972 7ff689ca56a6 15970->15972 15973 7ff689ca56dc 15970->15973 15992 7ff689ca577c GetFileType 15972->15992 16024 7ff689ca5c04 15973->16024 15977 7ff689ca4f08 memcpy_s 11 API calls 15980 7ff689ca564f 15977->15980 16021 7ff689caa8e0 15980->16021 15981 7ff689ca56d1 CloseHandle 15987 7ff689ca565a 15981->15987 15982 7ff689ca56bb CloseHandle 15982->15987 15983 7ff689ca5710 16050 7ff689ca59c4 15983->16050 15984 7ff689ca56e5 16045 7ff689ca4e7c 15984->16045 15991 7ff689ca56ef 15991->15987 15993 7ff689ca5887 15992->15993 15994 7ff689ca57ca 15992->15994 15996 7ff689ca588f 15993->15996 15997 7ff689ca58b1 15993->15997 15995 7ff689ca57f6 GetFileInformationByHandle 15994->15995 15999 7ff689ca5b00 21 API calls 15994->15999 16000 7ff689ca581f 15995->16000 16001 7ff689ca58a2 GetLastError 15995->16001 15996->16001 16002 7ff689ca5893 15996->16002 15998 7ff689ca58d4 PeekNamedPipe 15997->15998 16016 7ff689ca5872 15997->16016 15998->16016 16008 7ff689ca57e4 15999->16008 16004 7ff689ca59c4 51 API calls 16000->16004 16003 7ff689ca4e7c _fread_nolock 11 API calls 16001->16003 16005 7ff689ca4f08 memcpy_s 11 API calls 16002->16005 16003->16016 16006 7ff689ca582a 16004->16006 16005->16016 16067 7ff689ca5924 16006->16067 16008->15995 16008->16016 16012 7ff689ca5924 10 API calls 16013 7ff689ca5849 16012->16013 16014 7ff689ca5924 10 API calls 16013->16014 16015 7ff689ca585a 16014->16015 16015->16016 16017 7ff689ca4f08 memcpy_s 11 API calls 16015->16017 16074 7ff689c9c550 16016->16074 16017->16016 16019 7ff689cab2c8 memcpy_s 11 API calls 16018->16019 16020 7ff689ca4ef1 16019->16020 16020->15977 16088 7ff689caa778 16021->16088 16023 7ff689caa8f9 16023->15987 16025 7ff689ca5c3a 16024->16025 16026 7ff689ca4f08 memcpy_s 11 API calls 16025->16026 16044 7ff689ca5cd2 __vcrt_freefls 16025->16044 16028 7ff689ca5c4c 16026->16028 16027 7ff689c9c550 _log10_special 8 API calls 16029 7ff689ca56e1 16027->16029 16030 7ff689ca4f08 memcpy_s 11 API calls 16028->16030 16029->15983 16029->15984 16031 7ff689ca5c54 16030->16031 16140 7ff689ca7e08 16031->16140 16033 7ff689ca5c69 16034 7ff689ca5c71 16033->16034 16035 7ff689ca5c7b 16033->16035 16036 7ff689ca4f08 memcpy_s 11 API calls 16034->16036 16037 7ff689ca4f08 memcpy_s 11 API calls 16035->16037 16040 7ff689ca5c76 16036->16040 16038 7ff689ca5c80 16037->16038 16039 7ff689ca4f08 memcpy_s 11 API calls 16038->16039 16038->16044 16041 7ff689ca5c8a 16039->16041 16042 7ff689ca5cc4 GetDriveTypeW 16040->16042 16040->16044 16043 7ff689ca7e08 45 API calls 16041->16043 16042->16044 16043->16040 16044->16027 16046 7ff689cab2c8 memcpy_s 11 API calls 16045->16046 16047 7ff689ca4e89 __free_lconv_num 16046->16047 16048 7ff689cab2c8 memcpy_s 11 API calls 16047->16048 16049 7ff689ca4eab 16048->16049 16049->15991 16052 7ff689ca59ec 16050->16052 16051 7ff689ca571d 16060 7ff689ca5b00 16051->16060 16052->16051 16234 7ff689caf724 16052->16234 16054 7ff689ca5a80 16054->16051 16055 7ff689caf724 51 API calls 16054->16055 16056 7ff689ca5a93 16055->16056 16056->16051 16057 7ff689caf724 51 API calls 16056->16057 16058 7ff689ca5aa6 16057->16058 16058->16051 16059 7ff689caf724 51 API calls 16058->16059 16059->16051 16061 7ff689ca5b1a 16060->16061 16062 7ff689ca5b51 16061->16062 16063 7ff689ca5b2a 16061->16063 16064 7ff689caf5b8 21 API calls 16062->16064 16065 7ff689ca4e7c _fread_nolock 11 API calls 16063->16065 16066 7ff689ca5b3a 16063->16066 16064->16066 16065->16066 16066->15991 16068 7ff689ca5940 16067->16068 16069 7ff689ca594d FileTimeToSystemTime 16067->16069 16068->16069 16071 7ff689ca5948 16068->16071 16070 7ff689ca5961 SystemTimeToTzSpecificLocalTime 16069->16070 16069->16071 16070->16071 16072 7ff689c9c550 _log10_special 8 API calls 16071->16072 16073 7ff689ca5839 16072->16073 16073->16012 16075 7ff689c9c559 16074->16075 16076 7ff689c9c8e0 IsProcessorFeaturePresent 16075->16076 16077 7ff689c9c564 16075->16077 16078 7ff689c9c8f8 16076->16078 16077->15981 16077->15982 16083 7ff689c9cad8 RtlCaptureContext 16078->16083 16084 7ff689c9caf2 RtlLookupFunctionEntry 16083->16084 16085 7ff689c9c90b 16084->16085 16086 7ff689c9cb08 RtlVirtualUnwind 16084->16086 16087 7ff689c9c8a0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 16085->16087 16086->16084 16086->16085 16089 7ff689caa7a3 16088->16089 16092 7ff689caa814 16089->16092 16091 7ff689caa7ca 16091->16023 16102 7ff689caa55c 16092->16102 16095 7ff689caa84f 16095->16091 16103 7ff689caa5b3 16102->16103 16104 7ff689caa578 GetLastError 16102->16104 16103->16095 16108 7ff689caa5c8 16103->16108 16105 7ff689caa588 16104->16105 16115 7ff689cab390 16105->16115 16109 7ff689caa5e4 GetLastError SetLastError 16108->16109 16110 7ff689caa5fc 16108->16110 16109->16110 16110->16095 16111 7ff689caa900 IsProcessorFeaturePresent 16110->16111 16112 7ff689caa913 16111->16112 16132 7ff689caa614 16112->16132 16116 7ff689cab3af FlsGetValue 16115->16116 16117 7ff689cab3ca FlsSetValue 16115->16117 16119 7ff689cab3c4 16116->16119 16120 7ff689caa5a3 SetLastError 16116->16120 16118 7ff689cab3d7 16117->16118 16117->16120 16121 7ff689caeb98 memcpy_s 11 API calls 16118->16121 16119->16117 16120->16103 16122 7ff689cab3e6 16121->16122 16123 7ff689cab404 FlsSetValue 16122->16123 16124 7ff689cab3f4 FlsSetValue 16122->16124 16126 7ff689cab410 FlsSetValue 16123->16126 16127 7ff689cab422 16123->16127 16125 7ff689cab3fd 16124->16125 16128 7ff689caa948 __free_lconv_num 11 API calls 16125->16128 16126->16125 16129 7ff689caaef4 memcpy_s 11 API calls 16127->16129 16128->16120 16130 7ff689cab42a 16129->16130 16131 7ff689caa948 __free_lconv_num 11 API calls 16130->16131 16131->16120 16133 7ff689caa64e _isindst memcpy_s 16132->16133 16134 7ff689caa676 RtlCaptureContext RtlLookupFunctionEntry 16133->16134 16135 7ff689caa6b0 RtlVirtualUnwind 16134->16135 16136 7ff689caa6e6 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16134->16136 16135->16136 16139 7ff689caa738 _isindst 16136->16139 16137 7ff689c9c550 _log10_special 8 API calls 16138 7ff689caa757 GetCurrentProcess TerminateProcess 16137->16138 16139->16137 16141 7ff689ca7e92 16140->16141 16142 7ff689ca7e24 16140->16142 16177 7ff689cb07c0 16141->16177 16142->16141 16144 7ff689ca7e29 16142->16144 16145 7ff689ca7e5e 16144->16145 16146 7ff689ca7e41 16144->16146 16160 7ff689ca7c4c GetFullPathNameW 16145->16160 16152 7ff689ca7bd8 GetFullPathNameW 16146->16152 16151 7ff689ca7e56 __vcrt_freefls 16151->16033 16153 7ff689ca7bfe GetLastError 16152->16153 16155 7ff689ca7c14 16152->16155 16154 7ff689ca4e7c _fread_nolock 11 API calls 16153->16154 16157 7ff689ca7c0b 16154->16157 16156 7ff689ca7c10 16155->16156 16158 7ff689ca4f08 memcpy_s 11 API calls 16155->16158 16156->16151 16159 7ff689ca4f08 memcpy_s 11 API calls 16157->16159 16158->16156 16159->16156 16161 7ff689ca7c7f GetLastError 16160->16161 16166 7ff689ca7c95 __vcrt_freefls 16160->16166 16162 7ff689ca4e7c _fread_nolock 11 API calls 16161->16162 16163 7ff689ca7c8c 16162->16163 16164 7ff689ca4f08 memcpy_s 11 API calls 16163->16164 16165 7ff689ca7c91 16164->16165 16168 7ff689ca7d24 16165->16168 16166->16165 16167 7ff689ca7cef GetFullPathNameW 16166->16167 16167->16161 16167->16165 16169 7ff689ca7d4d memcpy_s 16168->16169 16173 7ff689ca7d98 memcpy_s 16168->16173 16170 7ff689ca7d81 16169->16170 16169->16173 16174 7ff689ca7dba 16169->16174 16171 7ff689ca4f08 memcpy_s 11 API calls 16170->16171 16172 7ff689ca7d86 16171->16172 16175 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 16172->16175 16173->16151 16174->16173 16176 7ff689ca4f08 memcpy_s 11 API calls 16174->16176 16175->16173 16176->16172 16180 7ff689cb05d0 16177->16180 16181 7ff689cb0612 16180->16181 16182 7ff689cb05fb 16180->16182 16184 7ff689cb0616 16181->16184 16185 7ff689cb0637 16181->16185 16183 7ff689ca4f08 memcpy_s 11 API calls 16182->16183 16187 7ff689cb0600 16183->16187 16206 7ff689cb073c 16184->16206 16218 7ff689caf5b8 16185->16218 16191 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 16187->16191 16189 7ff689cb063c 16194 7ff689cb06e1 16189->16194 16201 7ff689cb0663 16189->16201 16202 7ff689cb060b __vcrt_freefls 16191->16202 16192 7ff689cb061f 16193 7ff689ca4ee8 _fread_nolock 11 API calls 16192->16193 16195 7ff689cb0624 16193->16195 16194->16182 16196 7ff689cb06e9 16194->16196 16198 7ff689ca4f08 memcpy_s 11 API calls 16195->16198 16199 7ff689ca7bd8 13 API calls 16196->16199 16197 7ff689c9c550 _log10_special 8 API calls 16200 7ff689cb0731 16197->16200 16198->16187 16199->16202 16200->16151 16203 7ff689ca7c4c 14 API calls 16201->16203 16202->16197 16204 7ff689cb06a7 16203->16204 16204->16202 16205 7ff689ca7d24 37 API calls 16204->16205 16205->16202 16207 7ff689cb0786 16206->16207 16208 7ff689cb0756 16206->16208 16210 7ff689cb0791 GetDriveTypeW 16207->16210 16211 7ff689cb0771 16207->16211 16209 7ff689ca4ee8 _fread_nolock 11 API calls 16208->16209 16212 7ff689cb075b 16209->16212 16210->16211 16214 7ff689c9c550 _log10_special 8 API calls 16211->16214 16213 7ff689ca4f08 memcpy_s 11 API calls 16212->16213 16215 7ff689cb0766 16213->16215 16216 7ff689cb061b 16214->16216 16217 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 16215->16217 16216->16189 16216->16192 16217->16211 16232 7ff689cba4d0 16218->16232 16221 7ff689caf605 16224 7ff689c9c550 _log10_special 8 API calls 16221->16224 16222 7ff689caf62c 16223 7ff689caeb98 memcpy_s 11 API calls 16222->16223 16225 7ff689caf63b 16223->16225 16226 7ff689caf699 16224->16226 16227 7ff689caf654 16225->16227 16228 7ff689caf645 GetCurrentDirectoryW 16225->16228 16226->16189 16230 7ff689ca4f08 memcpy_s 11 API calls 16227->16230 16228->16227 16229 7ff689caf659 16228->16229 16231 7ff689caa948 __free_lconv_num 11 API calls 16229->16231 16230->16229 16231->16221 16233 7ff689caf5ee GetCurrentDirectoryW 16232->16233 16233->16221 16233->16222 16235 7ff689caf731 16234->16235 16236 7ff689caf755 16234->16236 16235->16236 16237 7ff689caf736 16235->16237 16239 7ff689caf78f 16236->16239 16241 7ff689caf7ae 16236->16241 16238 7ff689ca4f08 memcpy_s 11 API calls 16237->16238 16242 7ff689caf73b 16238->16242 16240 7ff689ca4f08 memcpy_s 11 API calls 16239->16240 16243 7ff689caf794 16240->16243 16251 7ff689ca4f4c 16241->16251 16245 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 16242->16245 16246 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 16243->16246 16247 7ff689caf746 16245->16247 16250 7ff689caf79f 16246->16250 16247->16054 16248 7ff689cb04dc 51 API calls 16249 7ff689caf7bb 16248->16249 16249->16248 16249->16250 16250->16054 16252 7ff689ca4f70 16251->16252 16258 7ff689ca4f6b 16251->16258 16252->16258 16259 7ff689cab150 GetLastError 16252->16259 16258->16249 16260 7ff689cab191 FlsSetValue 16259->16260 16261 7ff689cab174 FlsGetValue 16259->16261 16263 7ff689cab1a3 16260->16263 16278 7ff689cab181 16260->16278 16262 7ff689cab18b 16261->16262 16261->16278 16262->16260 16265 7ff689caeb98 memcpy_s 11 API calls 16263->16265 16264 7ff689cab1fd SetLastError 16267 7ff689cab21d 16264->16267 16268 7ff689ca4f8b 16264->16268 16266 7ff689cab1b2 16265->16266 16269 7ff689cab1d0 FlsSetValue 16266->16269 16270 7ff689cab1c0 FlsSetValue 16266->16270 16289 7ff689caa504 16267->16289 16281 7ff689cad984 16268->16281 16273 7ff689cab1ee 16269->16273 16274 7ff689cab1dc FlsSetValue 16269->16274 16272 7ff689cab1c9 16270->16272 16276 7ff689caa948 __free_lconv_num 11 API calls 16272->16276 16277 7ff689caaef4 memcpy_s 11 API calls 16273->16277 16274->16272 16276->16278 16279 7ff689cab1f6 16277->16279 16278->16264 16280 7ff689caa948 __free_lconv_num 11 API calls 16279->16280 16280->16264 16282 7ff689cad999 16281->16282 16284 7ff689ca4fae 16281->16284 16282->16284 16333 7ff689cb3304 16282->16333 16285 7ff689cad9f0 16284->16285 16286 7ff689cada05 16285->16286 16287 7ff689cada18 16285->16287 16286->16287 16346 7ff689cb2650 16286->16346 16287->16258 16298 7ff689cb3650 16289->16298 16324 7ff689cb3608 16298->16324 16329 7ff689cb02d8 EnterCriticalSection 16324->16329 16334 7ff689cab150 _CreateFrameInfo 45 API calls 16333->16334 16335 7ff689cb3313 16334->16335 16336 7ff689cb335e 16335->16336 16345 7ff689cb02d8 EnterCriticalSection 16335->16345 16336->16284 16347 7ff689cab150 _CreateFrameInfo 45 API calls 16346->16347 16348 7ff689cb2659 16347->16348 18891 7ff689cac520 18902 7ff689cb02d8 EnterCriticalSection 18891->18902 20273 7ff689caafd0 20274 7ff689caafd5 20273->20274 20278 7ff689caafea 20273->20278 20279 7ff689caaff0 20274->20279 20280 7ff689cab03a 20279->20280 20281 7ff689cab032 20279->20281 20283 7ff689caa948 __free_lconv_num 11 API calls 20280->20283 20282 7ff689caa948 __free_lconv_num 11 API calls 20281->20282 20282->20280 20284 7ff689cab047 20283->20284 20285 7ff689caa948 __free_lconv_num 11 API calls 20284->20285 20286 7ff689cab054 20285->20286 20287 7ff689caa948 __free_lconv_num 11 API calls 20286->20287 20288 7ff689cab061 20287->20288 20289 7ff689caa948 __free_lconv_num 11 API calls 20288->20289 20290 7ff689cab06e 20289->20290 20291 7ff689caa948 __free_lconv_num 11 API calls 20290->20291 20292 7ff689cab07b 20291->20292 20293 7ff689caa948 __free_lconv_num 11 API calls 20292->20293 20294 7ff689cab088 20293->20294 20295 7ff689caa948 __free_lconv_num 11 API calls 20294->20295 20296 7ff689cab095 20295->20296 20297 7ff689caa948 __free_lconv_num 11 API calls 20296->20297 20298 7ff689cab0a5 20297->20298 20299 7ff689caa948 __free_lconv_num 11 API calls 20298->20299 20300 7ff689cab0b5 20299->20300 20305 7ff689caae94 20300->20305 20319 7ff689cb02d8 EnterCriticalSection 20305->20319 20445 7ff689ca9d50 20448 7ff689ca9ccc 20445->20448 20455 7ff689cb02d8 EnterCriticalSection 20448->20455 20459 7ff689c9cb50 20460 7ff689c9cb60 20459->20460 20476 7ff689ca9ba8 20460->20476 20462 7ff689c9cb6c 20482 7ff689c9ce48 20462->20482 20464 7ff689c9d12c 7 API calls 20465 7ff689c9cc05 20464->20465 20466 7ff689c9cb84 _RTC_Initialize 20474 7ff689c9cbd9 20466->20474 20487 7ff689c9cff8 20466->20487 20468 7ff689c9cb99 20490 7ff689ca9014 20468->20490 20474->20464 20475 7ff689c9cbf5 20474->20475 20477 7ff689ca9bb9 20476->20477 20478 7ff689ca9bc1 20477->20478 20479 7ff689ca4f08 memcpy_s 11 API calls 20477->20479 20478->20462 20480 7ff689ca9bd0 20479->20480 20481 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 20480->20481 20481->20478 20483 7ff689c9ce59 20482->20483 20486 7ff689c9ce5e __scrt_release_startup_lock 20482->20486 20484 7ff689c9d12c 7 API calls 20483->20484 20483->20486 20485 7ff689c9ced2 20484->20485 20486->20466 20515 7ff689c9cfbc 20487->20515 20489 7ff689c9d001 20489->20468 20491 7ff689ca9034 20490->20491 20504 7ff689c9cba5 20490->20504 20492 7ff689ca9052 GetModuleFileNameW 20491->20492 20493 7ff689ca903c 20491->20493 20497 7ff689ca907d 20492->20497 20494 7ff689ca4f08 memcpy_s 11 API calls 20493->20494 20495 7ff689ca9041 20494->20495 20496 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 20495->20496 20496->20504 20498 7ff689ca8fb4 11 API calls 20497->20498 20499 7ff689ca90bd 20498->20499 20500 7ff689ca90c5 20499->20500 20506 7ff689ca90dd 20499->20506 20501 7ff689ca4f08 memcpy_s 11 API calls 20500->20501 20502 7ff689ca90ca 20501->20502 20503 7ff689caa948 __free_lconv_num 11 API calls 20502->20503 20503->20504 20504->20474 20514 7ff689c9d0cc InitializeSListHead 20504->20514 20505 7ff689caa948 __free_lconv_num 11 API calls 20505->20504 20507 7ff689ca9144 20506->20507 20508 7ff689ca912b 20506->20508 20513 7ff689ca90ff 20506->20513 20511 7ff689caa948 __free_lconv_num 11 API calls 20507->20511 20509 7ff689caa948 __free_lconv_num 11 API calls 20508->20509 20510 7ff689ca9134 20509->20510 20512 7ff689caa948 __free_lconv_num 11 API calls 20510->20512 20511->20513 20512->20504 20513->20505 20516 7ff689c9cfd6 20515->20516 20518 7ff689c9cfcf 20515->20518 20519 7ff689caa1ec 20516->20519 20518->20489 20522 7ff689ca9e28 20519->20522 20529 7ff689cb02d8 EnterCriticalSection 20522->20529 18973 7ff689cb08c8 18974 7ff689cb08ec 18973->18974 18976 7ff689cb08fc 18973->18976 18975 7ff689ca4f08 memcpy_s 11 API calls 18974->18975 18997 7ff689cb08f1 18975->18997 18977 7ff689cb0bdc 18976->18977 18978 7ff689cb091e 18976->18978 18979 7ff689ca4f08 memcpy_s 11 API calls 18977->18979 18980 7ff689cb093f 18978->18980 19104 7ff689cb0f84 18978->19104 18981 7ff689cb0be1 18979->18981 18984 7ff689cb09b1 18980->18984 18986 7ff689cb0965 18980->18986 18991 7ff689cb09a5 18980->18991 18983 7ff689caa948 __free_lconv_num 11 API calls 18981->18983 18983->18997 18988 7ff689caeb98 memcpy_s 11 API calls 18984->18988 19002 7ff689cb0974 18984->19002 18985 7ff689cb0a5e 18996 7ff689cb0a7b 18985->18996 19003 7ff689cb0acd 18985->19003 19119 7ff689ca96c0 18986->19119 18992 7ff689cb09c7 18988->18992 18990 7ff689caa948 __free_lconv_num 11 API calls 18990->18997 18991->18985 18991->19002 19125 7ff689cb712c 18991->19125 18998 7ff689caa948 __free_lconv_num 11 API calls 18992->18998 18994 7ff689cb096f 19000 7ff689ca4f08 memcpy_s 11 API calls 18994->19000 18995 7ff689cb098d 18995->18991 19005 7ff689cb0f84 45 API calls 18995->19005 19001 7ff689caa948 __free_lconv_num 11 API calls 18996->19001 18999 7ff689cb09d5 18998->18999 18999->18991 18999->19002 19007 7ff689caeb98 memcpy_s 11 API calls 18999->19007 19000->19002 19004 7ff689cb0a84 19001->19004 19002->18990 19003->19002 19006 7ff689cb33dc 40 API calls 19003->19006 19015 7ff689cb0a89 19004->19015 19161 7ff689cb33dc 19004->19161 19005->18991 19008 7ff689cb0b0a 19006->19008 19009 7ff689cb09f7 19007->19009 19010 7ff689caa948 __free_lconv_num 11 API calls 19008->19010 19012 7ff689caa948 __free_lconv_num 11 API calls 19009->19012 19013 7ff689cb0b14 19010->19013 19012->18991 19013->19002 19013->19015 19014 7ff689cb0bd0 19017 7ff689caa948 __free_lconv_num 11 API calls 19014->19017 19015->19014 19019 7ff689caeb98 memcpy_s 11 API calls 19015->19019 19016 7ff689cb0ab5 19018 7ff689caa948 __free_lconv_num 11 API calls 19016->19018 19017->18997 19018->19015 19020 7ff689cb0b58 19019->19020 19021 7ff689cb0b60 19020->19021 19022 7ff689cb0b69 19020->19022 19023 7ff689caa948 __free_lconv_num 11 API calls 19021->19023 19024 7ff689caa4a4 __std_exception_copy 37 API calls 19022->19024 19025 7ff689cb0b67 19023->19025 19026 7ff689cb0b78 19024->19026 19029 7ff689caa948 __free_lconv_num 11 API calls 19025->19029 19027 7ff689cb0b80 19026->19027 19028 7ff689cb0c0b 19026->19028 19170 7ff689cb7244 19027->19170 19031 7ff689caa900 _isindst 17 API calls 19028->19031 19029->18997 19032 7ff689cb0c1f 19031->19032 19034 7ff689cb0c48 19032->19034 19041 7ff689cb0c58 19032->19041 19037 7ff689ca4f08 memcpy_s 11 API calls 19034->19037 19035 7ff689cb0bc8 19038 7ff689caa948 __free_lconv_num 11 API calls 19035->19038 19036 7ff689cb0ba7 19039 7ff689ca4f08 memcpy_s 11 API calls 19036->19039 19066 7ff689cb0c4d 19037->19066 19038->19014 19040 7ff689cb0bac 19039->19040 19043 7ff689caa948 __free_lconv_num 11 API calls 19040->19043 19042 7ff689cb0f3b 19041->19042 19044 7ff689cb0c7a 19041->19044 19045 7ff689ca4f08 memcpy_s 11 API calls 19042->19045 19043->19025 19046 7ff689cb0c97 19044->19046 19189 7ff689cb106c 19044->19189 19047 7ff689cb0f40 19045->19047 19050 7ff689cb0d0b 19046->19050 19052 7ff689cb0cbf 19046->19052 19060 7ff689cb0cff 19046->19060 19049 7ff689caa948 __free_lconv_num 11 API calls 19047->19049 19049->19066 19055 7ff689cb0d33 19050->19055 19056 7ff689caeb98 memcpy_s 11 API calls 19050->19056 19071 7ff689cb0cce 19050->19071 19051 7ff689cb0dbe 19064 7ff689cb0ddb 19051->19064 19072 7ff689cb0e2e 19051->19072 19204 7ff689ca96fc 19052->19204 19058 7ff689caeb98 memcpy_s 11 API calls 19055->19058 19055->19060 19055->19071 19061 7ff689cb0d25 19056->19061 19065 7ff689cb0d55 19058->19065 19059 7ff689caa948 __free_lconv_num 11 API calls 19059->19066 19060->19051 19060->19071 19210 7ff689cb6fec 19060->19210 19067 7ff689caa948 __free_lconv_num 11 API calls 19061->19067 19062 7ff689cb0cc9 19068 7ff689ca4f08 memcpy_s 11 API calls 19062->19068 19063 7ff689cb0ce7 19063->19060 19074 7ff689cb106c 45 API calls 19063->19074 19069 7ff689caa948 __free_lconv_num 11 API calls 19064->19069 19070 7ff689caa948 __free_lconv_num 11 API calls 19065->19070 19067->19055 19068->19071 19073 7ff689cb0de4 19069->19073 19070->19060 19071->19059 19072->19071 19075 7ff689cb33dc 40 API calls 19072->19075 19078 7ff689cb33dc 40 API calls 19073->19078 19081 7ff689cb0dea 19073->19081 19074->19060 19076 7ff689cb0e6c 19075->19076 19077 7ff689caa948 __free_lconv_num 11 API calls 19076->19077 19079 7ff689cb0e76 19077->19079 19082 7ff689cb0e16 19078->19082 19079->19071 19079->19081 19080 7ff689cb0f2f 19084 7ff689caa948 __free_lconv_num 11 API calls 19080->19084 19081->19080 19085 7ff689caeb98 memcpy_s 11 API calls 19081->19085 19083 7ff689caa948 __free_lconv_num 11 API calls 19082->19083 19083->19081 19084->19066 19086 7ff689cb0ebb 19085->19086 19087 7ff689cb0ec3 19086->19087 19088 7ff689cb0ecc 19086->19088 19089 7ff689caa948 __free_lconv_num 11 API calls 19087->19089 19090 7ff689cb0474 37 API calls 19088->19090 19091 7ff689cb0eca 19089->19091 19092 7ff689cb0eda 19090->19092 19095 7ff689caa948 __free_lconv_num 11 API calls 19091->19095 19093 7ff689cb0f6f 19092->19093 19094 7ff689cb0ee2 SetEnvironmentVariableW 19092->19094 19098 7ff689caa900 _isindst 17 API calls 19093->19098 19096 7ff689cb0f06 19094->19096 19097 7ff689cb0f27 19094->19097 19095->19066 19101 7ff689ca4f08 memcpy_s 11 API calls 19096->19101 19100 7ff689caa948 __free_lconv_num 11 API calls 19097->19100 19099 7ff689cb0f83 19098->19099 19100->19080 19102 7ff689cb0f0b 19101->19102 19103 7ff689caa948 __free_lconv_num 11 API calls 19102->19103 19103->19091 19105 7ff689cb0fb9 19104->19105 19112 7ff689cb0fa1 19104->19112 19106 7ff689caeb98 memcpy_s 11 API calls 19105->19106 19114 7ff689cb0fdd 19106->19114 19107 7ff689cb1062 19109 7ff689caa504 _CreateFrameInfo 45 API calls 19107->19109 19108 7ff689cb103e 19110 7ff689caa948 __free_lconv_num 11 API calls 19108->19110 19111 7ff689cb1068 19109->19111 19110->19112 19112->18980 19113 7ff689caeb98 memcpy_s 11 API calls 19113->19114 19114->19107 19114->19108 19114->19113 19115 7ff689caa948 __free_lconv_num 11 API calls 19114->19115 19116 7ff689caa4a4 __std_exception_copy 37 API calls 19114->19116 19117 7ff689cb104d 19114->19117 19115->19114 19116->19114 19118 7ff689caa900 _isindst 17 API calls 19117->19118 19118->19107 19120 7ff689ca96d9 19119->19120 19121 7ff689ca96d0 19119->19121 19120->18994 19120->18995 19121->19120 19234 7ff689ca9198 19121->19234 19126 7ff689cb6254 19125->19126 19127 7ff689cb7139 19125->19127 19128 7ff689cb6261 19126->19128 19135 7ff689cb6297 19126->19135 19129 7ff689ca4f4c 45 API calls 19127->19129 19131 7ff689ca4f08 memcpy_s 11 API calls 19128->19131 19148 7ff689cb6208 19128->19148 19132 7ff689cb716d 19129->19132 19130 7ff689cb62c1 19133 7ff689ca4f08 memcpy_s 11 API calls 19130->19133 19134 7ff689cb626b 19131->19134 19136 7ff689cb7183 19132->19136 19140 7ff689cb719a 19132->19140 19159 7ff689cb7172 19132->19159 19137 7ff689cb62c6 19133->19137 19138 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 19134->19138 19135->19130 19139 7ff689cb62e6 19135->19139 19141 7ff689ca4f08 memcpy_s 11 API calls 19136->19141 19142 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 19137->19142 19143 7ff689cb6276 19138->19143 19147 7ff689ca4f4c 45 API calls 19139->19147 19158 7ff689cb62d1 19139->19158 19145 7ff689cb71a4 19140->19145 19146 7ff689cb71b6 19140->19146 19144 7ff689cb7188 19141->19144 19142->19158 19143->18991 19149 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 19144->19149 19150 7ff689ca4f08 memcpy_s 11 API calls 19145->19150 19151 7ff689cb71de 19146->19151 19152 7ff689cb71c7 19146->19152 19147->19158 19148->18991 19149->19159 19154 7ff689cb71a9 19150->19154 19466 7ff689cb8f4c 19151->19466 19457 7ff689cb62a4 19152->19457 19157 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 19154->19157 19157->19159 19158->18991 19159->18991 19160 7ff689ca4f08 memcpy_s 11 API calls 19160->19159 19162 7ff689cb33fe 19161->19162 19163 7ff689cb341b 19161->19163 19162->19163 19164 7ff689cb340c 19162->19164 19165 7ff689cb3425 19163->19165 19506 7ff689cb7c38 19163->19506 19166 7ff689ca4f08 memcpy_s 11 API calls 19164->19166 19513 7ff689cb7c74 19165->19513 19169 7ff689cb3411 memcpy_s 19166->19169 19169->19016 19171 7ff689ca4f4c 45 API calls 19170->19171 19172 7ff689cb72aa 19171->19172 19173 7ff689cb72b8 19172->19173 19525 7ff689caef24 19172->19525 19528 7ff689ca54ac 19173->19528 19177 7ff689cb73a4 19179 7ff689cb73b5 19177->19179 19181 7ff689caa948 __free_lconv_num 11 API calls 19177->19181 19178 7ff689ca4f4c 45 API calls 19180 7ff689cb7327 19178->19180 19182 7ff689cb0ba3 19179->19182 19184 7ff689caa948 __free_lconv_num 11 API calls 19179->19184 19183 7ff689caef24 5 API calls 19180->19183 19185 7ff689cb7330 19180->19185 19181->19179 19182->19035 19182->19036 19183->19185 19184->19182 19186 7ff689ca54ac 14 API calls 19185->19186 19187 7ff689cb738b 19186->19187 19187->19177 19188 7ff689cb7393 SetEnvironmentVariableW 19187->19188 19188->19177 19190 7ff689cb10ac 19189->19190 19196 7ff689cb108f 19189->19196 19191 7ff689caeb98 memcpy_s 11 API calls 19190->19191 19199 7ff689cb10d0 19191->19199 19192 7ff689cb1131 19194 7ff689caa948 __free_lconv_num 11 API calls 19192->19194 19193 7ff689caa504 _CreateFrameInfo 45 API calls 19195 7ff689cb115a 19193->19195 19194->19196 19196->19046 19197 7ff689caeb98 memcpy_s 11 API calls 19197->19199 19198 7ff689caa948 __free_lconv_num 11 API calls 19198->19199 19199->19192 19199->19197 19199->19198 19200 7ff689cb0474 37 API calls 19199->19200 19201 7ff689cb1140 19199->19201 19203 7ff689cb1154 19199->19203 19200->19199 19202 7ff689caa900 _isindst 17 API calls 19201->19202 19202->19203 19203->19193 19205 7ff689ca9715 19204->19205 19206 7ff689ca970c 19204->19206 19205->19062 19205->19063 19206->19205 19550 7ff689ca920c 19206->19550 19213 7ff689cb6ff9 19210->19213 19216 7ff689cb7026 19210->19216 19211 7ff689cb6ffe 19212 7ff689ca4f08 memcpy_s 11 API calls 19211->19212 19215 7ff689cb7003 19212->19215 19213->19211 19213->19216 19214 7ff689cb706a 19217 7ff689ca4f08 memcpy_s 11 API calls 19214->19217 19219 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 19215->19219 19216->19214 19218 7ff689cb7089 19216->19218 19232 7ff689cb705e __crtLCMapStringW 19216->19232 19220 7ff689cb706f 19217->19220 19221 7ff689cb70a5 19218->19221 19222 7ff689cb7093 19218->19222 19223 7ff689cb700e 19219->19223 19224 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 19220->19224 19226 7ff689ca4f4c 45 API calls 19221->19226 19225 7ff689ca4f08 memcpy_s 11 API calls 19222->19225 19223->19060 19224->19232 19227 7ff689cb7098 19225->19227 19228 7ff689cb70b2 19226->19228 19229 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 19227->19229 19228->19232 19597 7ff689cb8b08 19228->19597 19229->19232 19232->19060 19233 7ff689ca4f08 memcpy_s 11 API calls 19233->19232 19235 7ff689ca91b1 19234->19235 19236 7ff689ca91ad 19234->19236 19257 7ff689cb25f0 19235->19257 19236->19120 19249 7ff689ca94ec 19236->19249 19241 7ff689ca91cf 19283 7ff689ca927c 19241->19283 19242 7ff689ca91c3 19243 7ff689caa948 __free_lconv_num 11 API calls 19242->19243 19243->19236 19246 7ff689caa948 __free_lconv_num 11 API calls 19247 7ff689ca91f6 19246->19247 19248 7ff689caa948 __free_lconv_num 11 API calls 19247->19248 19248->19236 19250 7ff689ca9515 19249->19250 19255 7ff689ca952e 19249->19255 19250->19120 19251 7ff689cb07e8 WideCharToMultiByte 19251->19255 19252 7ff689caeb98 memcpy_s 11 API calls 19252->19255 19253 7ff689ca95be 19254 7ff689caa948 __free_lconv_num 11 API calls 19253->19254 19254->19250 19255->19250 19255->19251 19255->19252 19255->19253 19256 7ff689caa948 __free_lconv_num 11 API calls 19255->19256 19256->19255 19258 7ff689ca91b6 19257->19258 19259 7ff689cb25fd 19257->19259 19263 7ff689cb292c GetEnvironmentStringsW 19258->19263 19302 7ff689cab224 19259->19302 19264 7ff689ca91bb 19263->19264 19265 7ff689cb295c 19263->19265 19264->19241 19264->19242 19266 7ff689cb07e8 WideCharToMultiByte 19265->19266 19267 7ff689cb29ad 19266->19267 19268 7ff689cb29b4 FreeEnvironmentStringsW 19267->19268 19269 7ff689cad5fc _fread_nolock 12 API calls 19267->19269 19268->19264 19270 7ff689cb29c7 19269->19270 19271 7ff689cb29cf 19270->19271 19272 7ff689cb29d8 19270->19272 19273 7ff689caa948 __free_lconv_num 11 API calls 19271->19273 19274 7ff689cb07e8 WideCharToMultiByte 19272->19274 19275 7ff689cb29d6 19273->19275 19276 7ff689cb29fb 19274->19276 19275->19268 19277 7ff689cb29ff 19276->19277 19278 7ff689cb2a09 19276->19278 19279 7ff689caa948 __free_lconv_num 11 API calls 19277->19279 19280 7ff689caa948 __free_lconv_num 11 API calls 19278->19280 19281 7ff689cb2a07 FreeEnvironmentStringsW 19279->19281 19280->19281 19281->19264 19284 7ff689ca92a1 19283->19284 19285 7ff689caeb98 memcpy_s 11 API calls 19284->19285 19286 7ff689ca92d7 19285->19286 19288 7ff689ca9352 19286->19288 19291 7ff689caeb98 memcpy_s 11 API calls 19286->19291 19292 7ff689ca9341 19286->19292 19294 7ff689caa4a4 __std_exception_copy 37 API calls 19286->19294 19297 7ff689ca9377 19286->19297 19298 7ff689ca92df 19286->19298 19300 7ff689caa948 __free_lconv_num 11 API calls 19286->19300 19287 7ff689caa948 __free_lconv_num 11 API calls 19290 7ff689ca91d7 19287->19290 19289 7ff689caa948 __free_lconv_num 11 API calls 19288->19289 19289->19290 19290->19246 19291->19286 19451 7ff689ca94a8 19292->19451 19294->19286 19296 7ff689caa948 __free_lconv_num 11 API calls 19296->19298 19299 7ff689caa900 _isindst 17 API calls 19297->19299 19298->19287 19301 7ff689ca938a 19299->19301 19300->19286 19303 7ff689cab250 FlsSetValue 19302->19303 19304 7ff689cab235 FlsGetValue 19302->19304 19305 7ff689cab242 19303->19305 19306 7ff689cab25d 19303->19306 19304->19305 19307 7ff689cab24a 19304->19307 19308 7ff689caa504 _CreateFrameInfo 45 API calls 19305->19308 19310 7ff689cab248 19305->19310 19309 7ff689caeb98 memcpy_s 11 API calls 19306->19309 19307->19303 19311 7ff689cab2c5 19308->19311 19312 7ff689cab26c 19309->19312 19322 7ff689cb22c4 19310->19322 19313 7ff689cab28a FlsSetValue 19312->19313 19314 7ff689cab27a FlsSetValue 19312->19314 19316 7ff689cab2a8 19313->19316 19317 7ff689cab296 FlsSetValue 19313->19317 19315 7ff689cab283 19314->19315 19318 7ff689caa948 __free_lconv_num 11 API calls 19315->19318 19319 7ff689caaef4 memcpy_s 11 API calls 19316->19319 19317->19315 19318->19305 19320 7ff689cab2b0 19319->19320 19321 7ff689caa948 __free_lconv_num 11 API calls 19320->19321 19321->19310 19345 7ff689cb2534 19322->19345 19324 7ff689cb22f9 19360 7ff689cb1fc4 19324->19360 19327 7ff689cad5fc _fread_nolock 12 API calls 19328 7ff689cb2327 19327->19328 19329 7ff689cb232f 19328->19329 19331 7ff689cb233e 19328->19331 19330 7ff689caa948 __free_lconv_num 11 API calls 19329->19330 19342 7ff689cb2316 19330->19342 19331->19331 19367 7ff689cb266c 19331->19367 19334 7ff689cb243a 19335 7ff689ca4f08 memcpy_s 11 API calls 19334->19335 19336 7ff689cb243f 19335->19336 19338 7ff689caa948 __free_lconv_num 11 API calls 19336->19338 19337 7ff689cb2495 19340 7ff689cb24fc 19337->19340 19378 7ff689cb1df4 19337->19378 19338->19342 19339 7ff689cb2454 19339->19337 19343 7ff689caa948 __free_lconv_num 11 API calls 19339->19343 19341 7ff689caa948 __free_lconv_num 11 API calls 19340->19341 19341->19342 19342->19258 19343->19337 19346 7ff689cb2557 19345->19346 19347 7ff689cb2561 19346->19347 19393 7ff689cb02d8 EnterCriticalSection 19346->19393 19350 7ff689cb25d3 19347->19350 19353 7ff689caa504 _CreateFrameInfo 45 API calls 19347->19353 19350->19324 19354 7ff689cb25eb 19353->19354 19356 7ff689cb2642 19354->19356 19357 7ff689cab224 50 API calls 19354->19357 19356->19324 19358 7ff689cb262c 19357->19358 19359 7ff689cb22c4 65 API calls 19358->19359 19359->19356 19361 7ff689ca4f4c 45 API calls 19360->19361 19362 7ff689cb1fd8 19361->19362 19363 7ff689cb1fe4 GetOEMCP 19362->19363 19364 7ff689cb1ff6 19362->19364 19366 7ff689cb200b 19363->19366 19365 7ff689cb1ffb GetACP 19364->19365 19364->19366 19365->19366 19366->19327 19366->19342 19368 7ff689cb1fc4 47 API calls 19367->19368 19369 7ff689cb2699 19368->19369 19370 7ff689cb27ef 19369->19370 19372 7ff689cb26d6 IsValidCodePage 19369->19372 19377 7ff689cb26f0 memcpy_s 19369->19377 19371 7ff689c9c550 _log10_special 8 API calls 19370->19371 19373 7ff689cb2431 19371->19373 19372->19370 19374 7ff689cb26e7 19372->19374 19373->19334 19373->19339 19375 7ff689cb2716 GetCPInfo 19374->19375 19374->19377 19375->19370 19375->19377 19394 7ff689cb20dc 19377->19394 19450 7ff689cb02d8 EnterCriticalSection 19378->19450 19395 7ff689cb2119 GetCPInfo 19394->19395 19396 7ff689cb220f 19394->19396 19395->19396 19401 7ff689cb212c 19395->19401 19397 7ff689c9c550 _log10_special 8 API calls 19396->19397 19399 7ff689cb22ae 19397->19399 19398 7ff689cb2e40 48 API calls 19400 7ff689cb21a3 19398->19400 19399->19370 19405 7ff689cb7b84 19400->19405 19401->19398 19404 7ff689cb7b84 54 API calls 19404->19396 19406 7ff689ca4f4c 45 API calls 19405->19406 19407 7ff689cb7ba9 19406->19407 19410 7ff689cb7850 19407->19410 19411 7ff689cb7891 19410->19411 19412 7ff689caf8a0 _fread_nolock MultiByteToWideChar 19411->19412 19415 7ff689cb78db 19412->19415 19413 7ff689cb7b59 19414 7ff689c9c550 _log10_special 8 API calls 19413->19414 19416 7ff689cb21d6 19414->19416 19415->19413 19417 7ff689cad5fc _fread_nolock 12 API calls 19415->19417 19419 7ff689cb7913 19415->19419 19429 7ff689cb7a11 19415->19429 19416->19404 19417->19419 19418 7ff689caa948 __free_lconv_num 11 API calls 19418->19413 19420 7ff689caf8a0 _fread_nolock MultiByteToWideChar 19419->19420 19419->19429 19421 7ff689cb7986 19420->19421 19421->19429 19441 7ff689caf0e4 19421->19441 19424 7ff689cb79d1 19427 7ff689caf0e4 __crtLCMapStringW 6 API calls 19424->19427 19424->19429 19425 7ff689cb7a22 19426 7ff689cad5fc _fread_nolock 12 API calls 19425->19426 19428 7ff689cb7af4 19425->19428 19431 7ff689cb7a40 19425->19431 19426->19431 19427->19429 19428->19429 19430 7ff689caa948 __free_lconv_num 11 API calls 19428->19430 19429->19413 19429->19418 19430->19429 19431->19429 19432 7ff689caf0e4 __crtLCMapStringW 6 API calls 19431->19432 19433 7ff689cb7ac0 19432->19433 19433->19428 19434 7ff689cb7ae0 19433->19434 19435 7ff689cb7af6 19433->19435 19437 7ff689cb07e8 WideCharToMultiByte 19434->19437 19436 7ff689cb07e8 WideCharToMultiByte 19435->19436 19438 7ff689cb7aee 19436->19438 19437->19438 19438->19428 19439 7ff689cb7b0e 19438->19439 19439->19429 19440 7ff689caa948 __free_lconv_num 11 API calls 19439->19440 19440->19429 19442 7ff689caed10 __crtLCMapStringW 5 API calls 19441->19442 19443 7ff689caf122 19442->19443 19444 7ff689caf12a 19443->19444 19447 7ff689caf1d0 19443->19447 19444->19424 19444->19425 19444->19429 19446 7ff689caf193 LCMapStringW 19446->19444 19448 7ff689caed10 __crtLCMapStringW 5 API calls 19447->19448 19449 7ff689caf1fe __crtLCMapStringW 19448->19449 19449->19446 19452 7ff689ca9349 19451->19452 19453 7ff689ca94ad 19451->19453 19452->19296 19454 7ff689ca94d6 19453->19454 19455 7ff689caa948 __free_lconv_num 11 API calls 19453->19455 19456 7ff689caa948 __free_lconv_num 11 API calls 19454->19456 19455->19453 19456->19452 19458 7ff689cb62c1 19457->19458 19459 7ff689cb62d8 19457->19459 19460 7ff689ca4f08 memcpy_s 11 API calls 19458->19460 19459->19458 19462 7ff689cb62e6 19459->19462 19461 7ff689cb62c6 19460->19461 19463 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 19461->19463 19464 7ff689ca4f4c 45 API calls 19462->19464 19465 7ff689cb62d1 19462->19465 19463->19465 19464->19465 19465->19159 19467 7ff689ca4f4c 45 API calls 19466->19467 19468 7ff689cb8f71 19467->19468 19471 7ff689cb8bc8 19468->19471 19474 7ff689cb8c16 19471->19474 19472 7ff689c9c550 _log10_special 8 API calls 19473 7ff689cb7205 19472->19473 19473->19159 19473->19160 19475 7ff689cb8c9d 19474->19475 19477 7ff689cb8c88 GetCPInfo 19474->19477 19480 7ff689cb8ca1 19474->19480 19476 7ff689caf8a0 _fread_nolock MultiByteToWideChar 19475->19476 19475->19480 19478 7ff689cb8d35 19476->19478 19477->19475 19477->19480 19479 7ff689cad5fc _fread_nolock 12 API calls 19478->19479 19478->19480 19481 7ff689cb8d6c 19478->19481 19479->19481 19480->19472 19481->19480 19482 7ff689caf8a0 _fread_nolock MultiByteToWideChar 19481->19482 19483 7ff689cb8dda 19482->19483 19484 7ff689cb8ebc 19483->19484 19485 7ff689caf8a0 _fread_nolock MultiByteToWideChar 19483->19485 19484->19480 19486 7ff689caa948 __free_lconv_num 11 API calls 19484->19486 19487 7ff689cb8e00 19485->19487 19486->19480 19487->19484 19488 7ff689cad5fc _fread_nolock 12 API calls 19487->19488 19489 7ff689cb8e2d 19487->19489 19488->19489 19489->19484 19490 7ff689caf8a0 _fread_nolock MultiByteToWideChar 19489->19490 19491 7ff689cb8ea4 19490->19491 19492 7ff689cb8ec4 19491->19492 19493 7ff689cb8eaa 19491->19493 19500 7ff689caef68 19492->19500 19493->19484 19496 7ff689caa948 __free_lconv_num 11 API calls 19493->19496 19496->19484 19497 7ff689cb8f03 19497->19480 19499 7ff689caa948 __free_lconv_num 11 API calls 19497->19499 19498 7ff689caa948 __free_lconv_num 11 API calls 19498->19497 19499->19480 19501 7ff689caed10 __crtLCMapStringW 5 API calls 19500->19501 19502 7ff689caefa6 19501->19502 19503 7ff689caefae 19502->19503 19504 7ff689caf1d0 __crtLCMapStringW 5 API calls 19502->19504 19503->19497 19503->19498 19505 7ff689caf017 CompareStringW 19504->19505 19505->19503 19507 7ff689cb7c41 19506->19507 19508 7ff689cb7c5a HeapSize 19506->19508 19509 7ff689ca4f08 memcpy_s 11 API calls 19507->19509 19510 7ff689cb7c46 19509->19510 19511 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 19510->19511 19512 7ff689cb7c51 19511->19512 19512->19165 19514 7ff689cb7c93 19513->19514 19515 7ff689cb7c89 19513->19515 19516 7ff689cb7c98 19514->19516 19523 7ff689cb7c9f memcpy_s 19514->19523 19517 7ff689cad5fc _fread_nolock 12 API calls 19515->19517 19518 7ff689caa948 __free_lconv_num 11 API calls 19516->19518 19521 7ff689cb7c91 19517->19521 19518->19521 19519 7ff689cb7ca5 19522 7ff689ca4f08 memcpy_s 11 API calls 19519->19522 19520 7ff689cb7cd2 HeapReAlloc 19520->19521 19520->19523 19521->19169 19522->19521 19523->19519 19523->19520 19524 7ff689cb3590 memcpy_s 2 API calls 19523->19524 19524->19523 19526 7ff689caed10 __crtLCMapStringW 5 API calls 19525->19526 19527 7ff689caef44 19526->19527 19527->19173 19529 7ff689ca54d6 19528->19529 19530 7ff689ca54fa 19528->19530 19533 7ff689caa948 __free_lconv_num 11 API calls 19529->19533 19549 7ff689ca54e5 19529->19549 19531 7ff689ca5554 19530->19531 19534 7ff689ca54ff 19530->19534 19532 7ff689caf8a0 _fread_nolock MultiByteToWideChar 19531->19532 19544 7ff689ca5570 19532->19544 19533->19549 19535 7ff689ca5514 19534->19535 19538 7ff689caa948 __free_lconv_num 11 API calls 19534->19538 19534->19549 19536 7ff689cad5fc _fread_nolock 12 API calls 19535->19536 19536->19549 19537 7ff689ca5577 GetLastError 19539 7ff689ca4e7c _fread_nolock 11 API calls 19537->19539 19538->19535 19542 7ff689ca5584 19539->19542 19540 7ff689ca55b2 19541 7ff689caf8a0 _fread_nolock MultiByteToWideChar 19540->19541 19540->19549 19547 7ff689ca55f6 19541->19547 19548 7ff689ca4f08 memcpy_s 11 API calls 19542->19548 19543 7ff689ca55a5 19546 7ff689cad5fc _fread_nolock 12 API calls 19543->19546 19544->19537 19544->19540 19544->19543 19545 7ff689caa948 __free_lconv_num 11 API calls 19544->19545 19545->19543 19546->19540 19547->19537 19547->19549 19548->19549 19549->19177 19549->19178 19551 7ff689ca9221 19550->19551 19552 7ff689ca9225 19550->19552 19551->19205 19563 7ff689ca95cc 19551->19563 19571 7ff689cb2a3c GetEnvironmentStringsW 19552->19571 19555 7ff689ca923e 19578 7ff689ca938c 19555->19578 19556 7ff689ca9232 19558 7ff689caa948 __free_lconv_num 11 API calls 19556->19558 19558->19551 19560 7ff689caa948 __free_lconv_num 11 API calls 19561 7ff689ca9265 19560->19561 19562 7ff689caa948 __free_lconv_num 11 API calls 19561->19562 19562->19551 19564 7ff689ca95ef 19563->19564 19565 7ff689ca9606 19563->19565 19564->19205 19565->19564 19566 7ff689caeb98 memcpy_s 11 API calls 19565->19566 19567 7ff689ca967a 19565->19567 19568 7ff689caf8a0 MultiByteToWideChar _fread_nolock 19565->19568 19570 7ff689caa948 __free_lconv_num 11 API calls 19565->19570 19566->19565 19569 7ff689caa948 __free_lconv_num 11 API calls 19567->19569 19568->19565 19569->19564 19570->19565 19572 7ff689ca922a 19571->19572 19574 7ff689cb2a60 19571->19574 19572->19555 19572->19556 19573 7ff689cad5fc _fread_nolock 12 API calls 19575 7ff689cb2a97 memcpy_s 19573->19575 19574->19573 19576 7ff689caa948 __free_lconv_num 11 API calls 19575->19576 19577 7ff689cb2ab7 FreeEnvironmentStringsW 19576->19577 19577->19572 19579 7ff689ca93b4 19578->19579 19580 7ff689caeb98 memcpy_s 11 API calls 19579->19580 19590 7ff689ca93ef 19580->19590 19581 7ff689caa948 __free_lconv_num 11 API calls 19582 7ff689ca9246 19581->19582 19582->19560 19583 7ff689ca9471 19584 7ff689caa948 __free_lconv_num 11 API calls 19583->19584 19584->19582 19585 7ff689caeb98 memcpy_s 11 API calls 19585->19590 19586 7ff689ca9460 19587 7ff689ca94a8 11 API calls 19586->19587 19589 7ff689ca9468 19587->19589 19588 7ff689cb0474 37 API calls 19588->19590 19591 7ff689caa948 __free_lconv_num 11 API calls 19589->19591 19590->19583 19590->19585 19590->19586 19590->19588 19592 7ff689ca9494 19590->19592 19593 7ff689ca93f7 19590->19593 19595 7ff689caa948 __free_lconv_num 11 API calls 19590->19595 19591->19593 19594 7ff689caa900 _isindst 17 API calls 19592->19594 19593->19581 19596 7ff689ca94a6 19594->19596 19595->19590 19598 7ff689cb8b31 __crtLCMapStringW 19597->19598 19599 7ff689cb70ee 19598->19599 19600 7ff689caef68 6 API calls 19598->19600 19599->19232 19599->19233 19600->19599 16403 7ff689c9cc3c 16424 7ff689c9ce0c 16403->16424 16406 7ff689c9cd88 16578 7ff689c9d12c IsProcessorFeaturePresent 16406->16578 16407 7ff689c9cc58 __scrt_acquire_startup_lock 16409 7ff689c9cd92 16407->16409 16416 7ff689c9cc76 __scrt_release_startup_lock 16407->16416 16410 7ff689c9d12c 7 API calls 16409->16410 16411 7ff689c9cd9d _CreateFrameInfo 16410->16411 16412 7ff689c9cc9b 16413 7ff689c9cd21 16430 7ff689c9d274 16413->16430 16415 7ff689c9cd26 16433 7ff689c91000 16415->16433 16416->16412 16416->16413 16567 7ff689ca9b2c 16416->16567 16421 7ff689c9cd49 16421->16411 16574 7ff689c9cf90 16421->16574 16425 7ff689c9ce14 16424->16425 16426 7ff689c9ce20 __scrt_dllmain_crt_thread_attach 16425->16426 16427 7ff689c9cc50 16426->16427 16428 7ff689c9ce2d 16426->16428 16427->16406 16427->16407 16428->16427 16585 7ff689c9d888 16428->16585 16431 7ff689cba4d0 memcpy_s 16430->16431 16432 7ff689c9d28b GetStartupInfoW 16431->16432 16432->16415 16434 7ff689c91009 16433->16434 16612 7ff689ca5484 16434->16612 16436 7ff689c937fb 16619 7ff689c936b0 16436->16619 16440 7ff689c9c550 _log10_special 8 API calls 16442 7ff689c93ca7 16440->16442 16572 7ff689c9d2b8 GetModuleHandleW 16442->16572 16443 7ff689c9391b 16788 7ff689c945c0 16443->16788 16444 7ff689c9383c 16779 7ff689c91c80 16444->16779 16448 7ff689c9385b 16691 7ff689c98830 16448->16691 16450 7ff689c9396a 16811 7ff689c92710 16450->16811 16451 7ff689c9388e 16461 7ff689c938bb __vcrt_freefls 16451->16461 16783 7ff689c989a0 16451->16783 16454 7ff689c9395d 16455 7ff689c93962 16454->16455 16456 7ff689c93984 16454->16456 16807 7ff689ca004c 16455->16807 16457 7ff689c91c80 49 API calls 16456->16457 16460 7ff689c939a3 16457->16460 16465 7ff689c91950 115 API calls 16460->16465 16462 7ff689c98830 14 API calls 16461->16462 16471 7ff689c938de __vcrt_freefls 16461->16471 16462->16471 16464 7ff689c93a0b 16466 7ff689c989a0 40 API calls 16464->16466 16467 7ff689c939ce 16465->16467 16468 7ff689c93a17 16466->16468 16467->16448 16470 7ff689c939de 16467->16470 16469 7ff689c989a0 40 API calls 16468->16469 16472 7ff689c93a23 16469->16472 16473 7ff689c92710 54 API calls 16470->16473 16475 7ff689c9390e __vcrt_freefls 16471->16475 16822 7ff689c98940 16471->16822 16474 7ff689c989a0 40 API calls 16472->16474 16557 7ff689c93808 __vcrt_freefls 16473->16557 16474->16475 16476 7ff689c98830 14 API calls 16475->16476 16477 7ff689c93a3b 16476->16477 16478 7ff689c93b2f 16477->16478 16479 7ff689c93a60 __vcrt_freefls 16477->16479 16480 7ff689c92710 54 API calls 16478->16480 16481 7ff689c98940 40 API calls 16479->16481 16486 7ff689c93aab 16479->16486 16480->16557 16481->16486 16482 7ff689c98830 14 API calls 16483 7ff689c93bf4 __vcrt_freefls 16482->16483 16484 7ff689c93d41 16483->16484 16485 7ff689c93c46 16483->16485 16829 7ff689c944e0 16484->16829 16487 7ff689c93c50 16485->16487 16488 7ff689c93cd4 16485->16488 16486->16482 16704 7ff689c990e0 16487->16704 16491 7ff689c98830 14 API calls 16488->16491 16494 7ff689c93ce0 16491->16494 16492 7ff689c93d4f 16495 7ff689c93d71 16492->16495 16496 7ff689c93d65 16492->16496 16499 7ff689c93c61 16494->16499 16500 7ff689c93ced 16494->16500 16498 7ff689c91c80 49 API calls 16495->16498 16832 7ff689c94630 16496->16832 16509 7ff689c93cc8 __vcrt_freefls 16498->16509 16502 7ff689c92710 54 API calls 16499->16502 16503 7ff689c91c80 49 API calls 16500->16503 16502->16557 16506 7ff689c93d0b 16503->16506 16504 7ff689c93dbc 16754 7ff689c99390 16504->16754 16508 7ff689c93d12 16506->16508 16506->16509 16512 7ff689c92710 54 API calls 16508->16512 16509->16504 16510 7ff689c93da7 LoadLibraryExW 16509->16510 16510->16504 16511 7ff689c93dcf SetDllDirectoryW 16514 7ff689c93e02 16511->16514 16555 7ff689c93e52 16511->16555 16512->16557 16516 7ff689c98830 14 API calls 16514->16516 16515 7ff689c94000 16518 7ff689c9400a PostMessageW GetMessageW 16515->16518 16519 7ff689c9402d 16515->16519 16523 7ff689c93e0e __vcrt_freefls 16516->16523 16517 7ff689c93f13 16759 7ff689c933c0 16517->16759 16518->16519 16909 7ff689c93360 16519->16909 16525 7ff689c93eea 16523->16525 16529 7ff689c93e46 16523->16529 16528 7ff689c98940 40 API calls 16525->16528 16528->16555 16529->16555 16835 7ff689c96dc0 16529->16835 16555->16515 16555->16517 16557->16440 16568 7ff689ca9b64 16567->16568 16569 7ff689ca9b43 16567->16569 18867 7ff689caa3d8 16568->18867 16569->16413 16573 7ff689c9d2c9 16572->16573 16573->16421 16575 7ff689c9cfa1 16574->16575 16576 7ff689c9cd60 16575->16576 16577 7ff689c9d888 7 API calls 16575->16577 16576->16412 16577->16576 16579 7ff689c9d152 _isindst memcpy_s 16578->16579 16580 7ff689c9d171 RtlCaptureContext RtlLookupFunctionEntry 16579->16580 16581 7ff689c9d1d6 memcpy_s 16580->16581 16582 7ff689c9d19a RtlVirtualUnwind 16580->16582 16583 7ff689c9d208 IsDebuggerPresent SetUnhandledExceptionFilter UnhandledExceptionFilter 16581->16583 16582->16581 16584 7ff689c9d256 _isindst 16583->16584 16584->16409 16586 7ff689c9d890 16585->16586 16587 7ff689c9d89a 16585->16587 16591 7ff689c9dc24 16586->16591 16587->16427 16592 7ff689c9d895 16591->16592 16593 7ff689c9dc33 16591->16593 16595 7ff689c9dc90 16592->16595 16599 7ff689c9de60 16593->16599 16596 7ff689c9dcbb 16595->16596 16597 7ff689c9dcbf 16596->16597 16598 7ff689c9dc9e DeleteCriticalSection 16596->16598 16597->16587 16598->16596 16603 7ff689c9dcc8 16599->16603 16604 7ff689c9ddb2 TlsFree 16603->16604 16605 7ff689c9dd0c __vcrt_InitializeCriticalSectionEx 16603->16605 16605->16604 16606 7ff689c9dd3a LoadLibraryExW 16605->16606 16607 7ff689c9ddf9 GetProcAddress 16605->16607 16611 7ff689c9dd7d LoadLibraryExW 16605->16611 16608 7ff689c9ddd9 16606->16608 16609 7ff689c9dd5b GetLastError 16606->16609 16607->16604 16608->16607 16610 7ff689c9ddf0 FreeLibrary 16608->16610 16609->16605 16610->16607 16611->16605 16611->16608 16613 7ff689caf480 16612->16613 16614 7ff689caf4d3 16613->16614 16616 7ff689caf526 16613->16616 16615 7ff689caa814 _invalid_parameter_noinfo 37 API calls 16614->16615 16618 7ff689caf4fc 16615->16618 16922 7ff689caf358 16616->16922 16618->16436 16930 7ff689c9c850 16619->16930 16622 7ff689c93710 16932 7ff689c99280 FindFirstFileExW 16622->16932 16623 7ff689c936eb GetLastError 16937 7ff689c92c50 16623->16937 16627 7ff689c93723 16952 7ff689c99300 CreateFileW 16627->16952 16628 7ff689c9377d 16963 7ff689c99440 16628->16963 16629 7ff689c9c550 _log10_special 8 API calls 16632 7ff689c937b5 16629->16632 16632->16557 16641 7ff689c91950 16632->16641 16634 7ff689c9378b 16637 7ff689c93706 16634->16637 16638 7ff689c92810 49 API calls 16634->16638 16635 7ff689c93734 16955 7ff689c92810 16635->16955 16636 7ff689c9374c __vcrt_InitializeCriticalSectionEx 16636->16628 16637->16629 16638->16637 16642 7ff689c945c0 108 API calls 16641->16642 16643 7ff689c91985 16642->16643 16644 7ff689c91c43 16643->16644 16645 7ff689c97f90 83 API calls 16643->16645 16646 7ff689c9c550 _log10_special 8 API calls 16644->16646 16647 7ff689c919cb 16645->16647 16648 7ff689c91c5e 16646->16648 16690 7ff689c91a03 16647->16690 17320 7ff689ca06d4 16647->17320 16648->16443 16648->16444 16650 7ff689ca004c 74 API calls 16650->16644 16651 7ff689c919e5 16652 7ff689c91a08 16651->16652 16653 7ff689c919e9 16651->16653 17324 7ff689ca039c 16652->17324 16654 7ff689ca4f08 memcpy_s 11 API calls 16653->16654 16657 7ff689c919ee 16654->16657 17327 7ff689c92910 16657->17327 16658 7ff689c91a45 16664 7ff689c91a7b 16658->16664 16665 7ff689c91a5c 16658->16665 16659 7ff689c91a26 16661 7ff689ca4f08 memcpy_s 11 API calls 16659->16661 16662 7ff689c91a2b 16661->16662 16663 7ff689c92910 54 API calls 16662->16663 16663->16690 16667 7ff689c91c80 49 API calls 16664->16667 16666 7ff689ca4f08 memcpy_s 11 API calls 16665->16666 16669 7ff689c91a61 16666->16669 16668 7ff689c91a92 16667->16668 16670 7ff689c91c80 49 API calls 16668->16670 16671 7ff689c92910 54 API calls 16669->16671 16672 7ff689c91add 16670->16672 16671->16690 16673 7ff689ca06d4 73 API calls 16672->16673 16674 7ff689c91b01 16673->16674 16675 7ff689c91b35 16674->16675 16676 7ff689c91b16 16674->16676 16678 7ff689ca039c _fread_nolock 53 API calls 16675->16678 16677 7ff689ca4f08 memcpy_s 11 API calls 16676->16677 16679 7ff689c91b1b 16677->16679 16680 7ff689c91b4a 16678->16680 16681 7ff689c92910 54 API calls 16679->16681 16682 7ff689c91b6f 16680->16682 16683 7ff689c91b50 16680->16683 16681->16690 17342 7ff689ca0110 16682->17342 16684 7ff689ca4f08 memcpy_s 11 API calls 16683->16684 16686 7ff689c91b55 16684->16686 16688 7ff689c92910 54 API calls 16686->16688 16688->16690 16689 7ff689c92710 54 API calls 16689->16690 16690->16650 16692 7ff689c9883a 16691->16692 16693 7ff689c99390 2 API calls 16692->16693 16694 7ff689c98859 GetEnvironmentVariableW 16693->16694 16695 7ff689c988c2 16694->16695 16696 7ff689c98876 ExpandEnvironmentStringsW 16694->16696 16698 7ff689c9c550 _log10_special 8 API calls 16695->16698 16696->16695 16697 7ff689c98898 16696->16697 16699 7ff689c99440 2 API calls 16697->16699 16700 7ff689c988d4 16698->16700 16701 7ff689c988aa 16699->16701 16700->16451 16702 7ff689c9c550 _log10_special 8 API calls 16701->16702 16703 7ff689c988ba 16702->16703 16703->16451 16705 7ff689c990f5 16704->16705 17560 7ff689c98570 GetCurrentProcess OpenProcessToken 16705->17560 16708 7ff689c98570 7 API calls 16709 7ff689c99121 16708->16709 16710 7ff689c99154 16709->16710 16711 7ff689c9913a 16709->16711 16713 7ff689c926b0 48 API calls 16710->16713 16712 7ff689c926b0 48 API calls 16711->16712 16714 7ff689c99152 16712->16714 16715 7ff689c99167 LocalFree LocalFree 16713->16715 16714->16715 16716 7ff689c9918f 16715->16716 16717 7ff689c99183 16715->16717 16719 7ff689c9c550 _log10_special 8 API calls 16716->16719 17570 7ff689c92b50 16717->17570 16720 7ff689c93c55 16719->16720 16720->16499 16721 7ff689c98660 16720->16721 16722 7ff689c98678 16721->16722 16723 7ff689c986fa GetTempPathW GetCurrentProcessId 16722->16723 16724 7ff689c9869c 16722->16724 17579 7ff689c925c0 16723->17579 16725 7ff689c98830 14 API calls 16724->16725 16727 7ff689c986a8 16725->16727 17586 7ff689c981d0 16727->17586 16734 7ff689c98728 __vcrt_freefls 16740 7ff689c98765 __vcrt_freefls 16734->16740 17583 7ff689ca8b68 16734->17583 16745 7ff689c99390 2 API calls 16740->16745 16753 7ff689c987d4 __vcrt_freefls 16740->16753 16755 7ff689c993b2 MultiByteToWideChar 16754->16755 16757 7ff689c993d6 16754->16757 16755->16757 16758 7ff689c993ec __vcrt_freefls 16755->16758 16756 7ff689c993f3 MultiByteToWideChar 16756->16758 16757->16756 16757->16758 16758->16511 16760 7ff689c933ce memcpy_s 16759->16760 16761 7ff689c935c7 16760->16761 16765 7ff689c91c80 49 API calls 16760->16765 16766 7ff689c935e2 16760->16766 16771 7ff689c935c9 16760->16771 16772 7ff689c92a50 54 API calls 16760->16772 16776 7ff689c935d0 16760->16776 17775 7ff689c94560 16760->17775 17781 7ff689c97e20 16760->17781 17792 7ff689c91600 16760->17792 17840 7ff689c97120 16760->17840 17844 7ff689c94190 16760->17844 17888 7ff689c94450 16760->17888 16762 7ff689c9c550 _log10_special 8 API calls 16761->16762 16763 7ff689c93664 16762->16763 16763->16557 16778 7ff689c990c0 LocalFree 16763->16778 16765->16760 16768 7ff689c92710 54 API calls 16766->16768 16768->16761 16773 7ff689c92710 54 API calls 16771->16773 16772->16760 16773->16761 16777 7ff689c92710 54 API calls 16776->16777 16777->16761 16780 7ff689c91ca5 16779->16780 16781 7ff689ca4984 49 API calls 16780->16781 16782 7ff689c91cc8 16781->16782 16782->16448 16784 7ff689c99390 2 API calls 16783->16784 16785 7ff689c989b4 16784->16785 16786 7ff689ca8238 38 API calls 16785->16786 16787 7ff689c989c6 __vcrt_freefls 16786->16787 16787->16461 16789 7ff689c945cc 16788->16789 16790 7ff689c99390 2 API calls 16789->16790 16791 7ff689c945f4 16790->16791 16792 7ff689c99390 2 API calls 16791->16792 16793 7ff689c94607 16792->16793 18055 7ff689ca5f94 16793->18055 16796 7ff689c9c550 _log10_special 8 API calls 16797 7ff689c9392b 16796->16797 16797->16450 16798 7ff689c97f90 16797->16798 16799 7ff689c97fb4 16798->16799 16800 7ff689ca06d4 73 API calls 16799->16800 16801 7ff689c9808b __vcrt_freefls 16799->16801 16802 7ff689c97fd0 16800->16802 16801->16454 16802->16801 18446 7ff689ca78c8 16802->18446 16804 7ff689ca06d4 73 API calls 16806 7ff689c97fe5 16804->16806 16805 7ff689ca039c _fread_nolock 53 API calls 16805->16806 16806->16801 16806->16804 16806->16805 16808 7ff689ca007c 16807->16808 18461 7ff689c9fe28 16808->18461 16810 7ff689ca0095 16810->16450 16812 7ff689c9c850 16811->16812 16813 7ff689c92734 GetCurrentProcessId 16812->16813 16814 7ff689c91c80 49 API calls 16813->16814 16815 7ff689c92787 16814->16815 16816 7ff689ca4984 49 API calls 16815->16816 16817 7ff689c927cf 16816->16817 16818 7ff689c92620 12 API calls 16817->16818 16819 7ff689c927f1 16818->16819 16820 7ff689c9c550 _log10_special 8 API calls 16819->16820 16821 7ff689c92801 16820->16821 16821->16557 16823 7ff689c99390 2 API calls 16822->16823 16824 7ff689c9895c 16823->16824 16825 7ff689c99390 2 API calls 16824->16825 16826 7ff689c9896c 16825->16826 16827 7ff689ca8238 38 API calls 16826->16827 16828 7ff689c9897a __vcrt_freefls 16827->16828 16828->16464 16830 7ff689c91c80 49 API calls 16829->16830 16831 7ff689c944fd 16830->16831 16831->16492 16833 7ff689c91c80 49 API calls 16832->16833 16834 7ff689c94660 16833->16834 16834->16509 16834->16834 16836 7ff689c96dd5 16835->16836 16837 7ff689c93e64 16836->16837 16838 7ff689ca4f08 memcpy_s 11 API calls 16836->16838 16841 7ff689c97340 16837->16841 16839 7ff689c96de2 16838->16839 16840 7ff689c92910 54 API calls 16839->16840 16840->16837 18472 7ff689c91470 16841->18472 18578 7ff689c96360 16909->18578 16929 7ff689ca546c EnterCriticalSection 16922->16929 16931 7ff689c936bc GetModuleFileNameW 16930->16931 16931->16622 16931->16623 16933 7ff689c992bf FindClose 16932->16933 16934 7ff689c992d2 16932->16934 16933->16934 16935 7ff689c9c550 _log10_special 8 API calls 16934->16935 16936 7ff689c9371a 16935->16936 16936->16627 16936->16628 16938 7ff689c9c850 16937->16938 16939 7ff689c92c70 GetCurrentProcessId 16938->16939 16968 7ff689c926b0 16939->16968 16941 7ff689c92cb9 16972 7ff689ca4bd8 16941->16972 16944 7ff689c926b0 48 API calls 16945 7ff689c92d34 FormatMessageW 16944->16945 16947 7ff689c92d7f MessageBoxW 16945->16947 16948 7ff689c92d6d 16945->16948 16950 7ff689c9c550 _log10_special 8 API calls 16947->16950 16949 7ff689c926b0 48 API calls 16948->16949 16949->16947 16951 7ff689c92daf 16950->16951 16951->16637 16953 7ff689c99340 GetFinalPathNameByHandleW CloseHandle 16952->16953 16954 7ff689c93730 16952->16954 16953->16954 16954->16635 16954->16636 16956 7ff689c92834 16955->16956 16957 7ff689c926b0 48 API calls 16956->16957 16958 7ff689c92887 16957->16958 16959 7ff689ca4bd8 48 API calls 16958->16959 16960 7ff689c928d0 MessageBoxW 16959->16960 16961 7ff689c9c550 _log10_special 8 API calls 16960->16961 16962 7ff689c92900 16961->16962 16962->16637 16964 7ff689c9946a WideCharToMultiByte 16963->16964 16967 7ff689c99495 16963->16967 16966 7ff689c994ab __vcrt_freefls 16964->16966 16964->16967 16965 7ff689c994b2 WideCharToMultiByte 16965->16966 16966->16634 16967->16965 16967->16966 16969 7ff689c926d5 16968->16969 16970 7ff689ca4bd8 48 API calls 16969->16970 16971 7ff689c926f8 16970->16971 16971->16941 16974 7ff689ca4c32 16972->16974 16973 7ff689ca4c57 16975 7ff689caa814 _invalid_parameter_noinfo 37 API calls 16973->16975 16974->16973 16976 7ff689ca4c93 16974->16976 16978 7ff689ca4c81 16975->16978 16990 7ff689ca2f90 16976->16990 16980 7ff689c9c550 _log10_special 8 API calls 16978->16980 16979 7ff689ca4d74 16981 7ff689caa948 __free_lconv_num 11 API calls 16979->16981 16982 7ff689c92d04 16980->16982 16981->16978 16982->16944 16984 7ff689ca4d49 16987 7ff689caa948 __free_lconv_num 11 API calls 16984->16987 16985 7ff689ca4d9a 16985->16979 16986 7ff689ca4da4 16985->16986 16989 7ff689caa948 __free_lconv_num 11 API calls 16986->16989 16987->16978 16988 7ff689ca4d40 16988->16979 16988->16984 16989->16978 16991 7ff689ca2fce 16990->16991 16992 7ff689ca2fbe 16990->16992 16993 7ff689ca2fd7 16991->16993 16998 7ff689ca3005 16991->16998 16994 7ff689caa814 _invalid_parameter_noinfo 37 API calls 16992->16994 16995 7ff689caa814 _invalid_parameter_noinfo 37 API calls 16993->16995 16996 7ff689ca2ffd 16994->16996 16995->16996 16996->16979 16996->16984 16996->16985 16996->16988 16998->16992 16998->16996 17001 7ff689ca39a4 16998->17001 17034 7ff689ca33f0 16998->17034 17071 7ff689ca2b80 16998->17071 17002 7ff689ca3a57 17001->17002 17003 7ff689ca39e6 17001->17003 17004 7ff689ca3ab0 17002->17004 17005 7ff689ca3a5c 17002->17005 17006 7ff689ca3a81 17003->17006 17007 7ff689ca39ec 17003->17007 17013 7ff689ca3ac7 17004->17013 17014 7ff689ca3aba 17004->17014 17019 7ff689ca3abf 17004->17019 17008 7ff689ca3a5e 17005->17008 17009 7ff689ca3a91 17005->17009 17094 7ff689ca1d54 17006->17094 17010 7ff689ca39f1 17007->17010 17011 7ff689ca3a20 17007->17011 17012 7ff689ca3a00 17008->17012 17022 7ff689ca3a6d 17008->17022 17101 7ff689ca1944 17009->17101 17010->17013 17016 7ff689ca39f7 17010->17016 17011->17016 17011->17019 17032 7ff689ca3af0 17012->17032 17074 7ff689ca4158 17012->17074 17108 7ff689ca46ac 17013->17108 17014->17006 17014->17019 17016->17012 17021 7ff689ca3a32 17016->17021 17030 7ff689ca3a1b 17016->17030 17019->17032 17112 7ff689ca2164 17019->17112 17021->17032 17084 7ff689ca4494 17021->17084 17022->17006 17024 7ff689ca3a72 17022->17024 17024->17032 17090 7ff689ca4558 17024->17090 17026 7ff689c9c550 _log10_special 8 API calls 17027 7ff689ca3dea 17026->17027 17027->16998 17030->17032 17033 7ff689ca3cdc 17030->17033 17119 7ff689ca47c0 17030->17119 17032->17026 17033->17032 17125 7ff689caea08 17033->17125 17035 7ff689ca33fe 17034->17035 17036 7ff689ca3414 17034->17036 17038 7ff689ca3454 17035->17038 17039 7ff689ca3a57 17035->17039 17040 7ff689ca39e6 17035->17040 17037 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17036->17037 17036->17038 17037->17038 17038->16998 17041 7ff689ca3ab0 17039->17041 17042 7ff689ca3a5c 17039->17042 17043 7ff689ca3a81 17040->17043 17044 7ff689ca39ec 17040->17044 17050 7ff689ca3ac7 17041->17050 17051 7ff689ca3aba 17041->17051 17056 7ff689ca3abf 17041->17056 17045 7ff689ca3a5e 17042->17045 17046 7ff689ca3a91 17042->17046 17052 7ff689ca1d54 38 API calls 17043->17052 17047 7ff689ca39f1 17044->17047 17048 7ff689ca3a20 17044->17048 17049 7ff689ca3a00 17045->17049 17058 7ff689ca3a6d 17045->17058 17054 7ff689ca1944 38 API calls 17046->17054 17047->17050 17053 7ff689ca39f7 17047->17053 17048->17053 17048->17056 17055 7ff689ca4158 47 API calls 17049->17055 17069 7ff689ca3af0 17049->17069 17057 7ff689ca46ac 45 API calls 17050->17057 17051->17043 17051->17056 17066 7ff689ca3a1b 17052->17066 17053->17049 17059 7ff689ca3a32 17053->17059 17053->17066 17054->17066 17055->17066 17060 7ff689ca2164 38 API calls 17056->17060 17056->17069 17057->17066 17058->17043 17061 7ff689ca3a72 17058->17061 17062 7ff689ca4494 46 API calls 17059->17062 17059->17069 17060->17066 17064 7ff689ca4558 37 API calls 17061->17064 17061->17069 17062->17066 17063 7ff689c9c550 _log10_special 8 API calls 17065 7ff689ca3dea 17063->17065 17064->17066 17065->16998 17067 7ff689ca47c0 45 API calls 17066->17067 17066->17069 17070 7ff689ca3cdc 17066->17070 17067->17070 17068 7ff689caea08 46 API calls 17068->17070 17069->17063 17070->17068 17070->17069 17303 7ff689ca0fc8 17071->17303 17075 7ff689ca417e 17074->17075 17137 7ff689ca0b80 17075->17137 17080 7ff689ca47c0 45 API calls 17083 7ff689ca42c3 17080->17083 17081 7ff689ca4351 17081->17030 17081->17081 17082 7ff689ca47c0 45 API calls 17082->17081 17083->17081 17083->17082 17083->17083 17085 7ff689ca44c9 17084->17085 17086 7ff689ca44e7 17085->17086 17087 7ff689ca47c0 45 API calls 17085->17087 17089 7ff689ca450e 17085->17089 17088 7ff689caea08 46 API calls 17086->17088 17087->17086 17088->17089 17089->17030 17093 7ff689ca4579 17090->17093 17091 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17092 7ff689ca45aa 17091->17092 17092->17030 17093->17091 17093->17092 17095 7ff689ca1d87 17094->17095 17096 7ff689ca1db6 17095->17096 17098 7ff689ca1e73 17095->17098 17100 7ff689ca1df3 17096->17100 17273 7ff689ca0c28 17096->17273 17099 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17098->17099 17099->17100 17100->17030 17102 7ff689ca1977 17101->17102 17103 7ff689ca19a6 17102->17103 17105 7ff689ca1a63 17102->17105 17104 7ff689ca0c28 12 API calls 17103->17104 17107 7ff689ca19e3 17103->17107 17104->17107 17106 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17105->17106 17106->17107 17107->17030 17109 7ff689ca46ef 17108->17109 17111 7ff689ca46f3 __crtLCMapStringW 17109->17111 17281 7ff689ca4748 17109->17281 17111->17030 17113 7ff689ca2197 17112->17113 17114 7ff689ca21c6 17113->17114 17116 7ff689ca2283 17113->17116 17115 7ff689ca0c28 12 API calls 17114->17115 17118 7ff689ca2203 17114->17118 17115->17118 17117 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17116->17117 17117->17118 17118->17030 17120 7ff689ca47d7 17119->17120 17285 7ff689cad9b8 17120->17285 17126 7ff689caea39 17125->17126 17132 7ff689caea47 17125->17132 17127 7ff689caea67 17126->17127 17128 7ff689ca47c0 45 API calls 17126->17128 17126->17132 17129 7ff689caea9f 17127->17129 17130 7ff689caea78 17127->17130 17128->17127 17129->17132 17133 7ff689caeb2a 17129->17133 17135 7ff689caeac9 17129->17135 17293 7ff689cb00a0 17130->17293 17132->17033 17134 7ff689caf8a0 _fread_nolock MultiByteToWideChar 17133->17134 17134->17132 17135->17132 17296 7ff689caf8a0 17135->17296 17138 7ff689ca0ba6 17137->17138 17139 7ff689ca0bb7 17137->17139 17145 7ff689cae570 17138->17145 17139->17138 17140 7ff689cad5fc _fread_nolock 12 API calls 17139->17140 17141 7ff689ca0be4 17140->17141 17142 7ff689ca0bf8 17141->17142 17143 7ff689caa948 __free_lconv_num 11 API calls 17141->17143 17144 7ff689caa948 __free_lconv_num 11 API calls 17142->17144 17143->17142 17144->17138 17146 7ff689cae5c0 17145->17146 17147 7ff689cae58d 17145->17147 17146->17147 17149 7ff689cae5f2 17146->17149 17148 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17147->17148 17158 7ff689ca42a1 17148->17158 17154 7ff689cae705 17149->17154 17161 7ff689cae63a 17149->17161 17150 7ff689cae7f7 17200 7ff689cada5c 17150->17200 17152 7ff689cae7bd 17193 7ff689caddf4 17152->17193 17154->17150 17154->17152 17155 7ff689cae78c 17154->17155 17157 7ff689cae74f 17154->17157 17160 7ff689cae745 17154->17160 17186 7ff689cae0d4 17155->17186 17176 7ff689cae304 17157->17176 17158->17080 17158->17083 17160->17152 17162 7ff689cae74a 17160->17162 17161->17158 17167 7ff689caa4a4 17161->17167 17162->17155 17162->17157 17165 7ff689caa900 _isindst 17 API calls 17166 7ff689cae854 17165->17166 17168 7ff689caa4b1 17167->17168 17169 7ff689caa4bb 17167->17169 17168->17169 17174 7ff689caa4d6 17168->17174 17170 7ff689ca4f08 memcpy_s 11 API calls 17169->17170 17171 7ff689caa4c2 17170->17171 17172 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 17171->17172 17173 7ff689caa4ce 17172->17173 17173->17158 17173->17165 17174->17173 17175 7ff689ca4f08 memcpy_s 11 API calls 17174->17175 17175->17171 17209 7ff689cb40ac 17176->17209 17180 7ff689cae3b0 17180->17158 17181 7ff689cae3ac 17181->17180 17182 7ff689cae401 17181->17182 17183 7ff689cae3cc 17181->17183 17262 7ff689cadef0 17182->17262 17258 7ff689cae1ac 17183->17258 17187 7ff689cb40ac 38 API calls 17186->17187 17188 7ff689cae11e 17187->17188 17189 7ff689cb3af4 37 API calls 17188->17189 17190 7ff689cae16e 17189->17190 17191 7ff689cae172 17190->17191 17192 7ff689cae1ac 45 API calls 17190->17192 17191->17158 17192->17191 17194 7ff689cb40ac 38 API calls 17193->17194 17195 7ff689cade3f 17194->17195 17196 7ff689cb3af4 37 API calls 17195->17196 17197 7ff689cade97 17196->17197 17198 7ff689cade9b 17197->17198 17199 7ff689cadef0 45 API calls 17197->17199 17198->17158 17199->17198 17201 7ff689cadaa1 17200->17201 17202 7ff689cadad4 17200->17202 17204 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17201->17204 17203 7ff689cadaec 17202->17203 17207 7ff689cadb6d 17202->17207 17205 7ff689caddf4 46 API calls 17203->17205 17206 7ff689cadacd memcpy_s 17204->17206 17205->17206 17206->17158 17207->17206 17208 7ff689ca47c0 45 API calls 17207->17208 17208->17206 17210 7ff689cb40ff fegetenv 17209->17210 17211 7ff689cb7e2c 37 API calls 17210->17211 17215 7ff689cb4152 17211->17215 17212 7ff689cb417f 17217 7ff689caa4a4 __std_exception_copy 37 API calls 17212->17217 17213 7ff689cb4242 17214 7ff689cb7e2c 37 API calls 17213->17214 17216 7ff689cb426c 17214->17216 17215->17213 17219 7ff689cb416d 17215->17219 17220 7ff689cb421c 17215->17220 17221 7ff689cb7e2c 37 API calls 17216->17221 17218 7ff689cb41fd 17217->17218 17222 7ff689cb5324 17218->17222 17228 7ff689cb4205 17218->17228 17219->17212 17219->17213 17223 7ff689caa4a4 __std_exception_copy 37 API calls 17220->17223 17224 7ff689cb427d 17221->17224 17225 7ff689caa900 _isindst 17 API calls 17222->17225 17223->17218 17226 7ff689cb8020 20 API calls 17224->17226 17227 7ff689cb5339 17225->17227 17235 7ff689cb42e6 memcpy_s 17226->17235 17229 7ff689c9c550 _log10_special 8 API calls 17228->17229 17230 7ff689cae351 17229->17230 17254 7ff689cb3af4 17230->17254 17231 7ff689cb468f memcpy_s 17232 7ff689cb4327 memcpy_s 17250 7ff689cb4c6b memcpy_s 17232->17250 17252 7ff689cb4783 memcpy_s 17232->17252 17233 7ff689cb3c10 37 API calls 17240 7ff689cb50e7 17233->17240 17234 7ff689cb497b 17234->17234 17236 7ff689cb49cf 17234->17236 17237 7ff689cb533c memcpy_s 37 API calls 17234->17237 17235->17231 17235->17232 17238 7ff689ca4f08 memcpy_s 11 API calls 17235->17238 17236->17233 17237->17236 17239 7ff689cb4760 17238->17239 17241 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 17239->17241 17243 7ff689cb533c memcpy_s 37 API calls 17240->17243 17247 7ff689cb5142 17240->17247 17241->17232 17242 7ff689cb52c8 17245 7ff689cb7e2c 37 API calls 17242->17245 17243->17247 17244 7ff689ca4f08 11 API calls memcpy_s 17244->17250 17245->17228 17246 7ff689ca4f08 11 API calls memcpy_s 17246->17252 17247->17242 17248 7ff689cb3c10 37 API calls 17247->17248 17253 7ff689cb533c memcpy_s 37 API calls 17247->17253 17248->17247 17249 7ff689caa8e0 37 API calls _invalid_parameter_noinfo 17249->17252 17250->17234 17250->17236 17250->17244 17251 7ff689caa8e0 37 API calls _invalid_parameter_noinfo 17250->17251 17251->17250 17252->17234 17252->17246 17252->17249 17253->17247 17255 7ff689cb3b13 17254->17255 17256 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17255->17256 17257 7ff689cb3b3e memcpy_s 17255->17257 17256->17257 17257->17181 17259 7ff689cae1d8 memcpy_s 17258->17259 17260 7ff689ca47c0 45 API calls 17259->17260 17261 7ff689cae292 memcpy_s 17259->17261 17260->17261 17261->17180 17263 7ff689cadf2b 17262->17263 17266 7ff689cadf78 memcpy_s 17262->17266 17264 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17263->17264 17265 7ff689cadf57 17264->17265 17265->17180 17267 7ff689cadfe3 17266->17267 17269 7ff689ca47c0 45 API calls 17266->17269 17268 7ff689caa4a4 __std_exception_copy 37 API calls 17267->17268 17272 7ff689cae025 memcpy_s 17268->17272 17269->17267 17270 7ff689caa900 _isindst 17 API calls 17271 7ff689cae0d0 17270->17271 17272->17270 17274 7ff689ca0c5f 17273->17274 17275 7ff689ca0c4e 17273->17275 17274->17275 17276 7ff689cad5fc _fread_nolock 12 API calls 17274->17276 17275->17100 17277 7ff689ca0c90 17276->17277 17278 7ff689ca0ca4 17277->17278 17279 7ff689caa948 __free_lconv_num 11 API calls 17277->17279 17280 7ff689caa948 __free_lconv_num 11 API calls 17278->17280 17279->17278 17280->17275 17282 7ff689ca4766 17281->17282 17284 7ff689ca476e 17281->17284 17283 7ff689ca47c0 45 API calls 17282->17283 17283->17284 17284->17111 17286 7ff689cad9d1 17285->17286 17287 7ff689ca47ff 17285->17287 17286->17287 17288 7ff689cb3304 45 API calls 17286->17288 17289 7ff689cada24 17287->17289 17288->17287 17290 7ff689cada3d 17289->17290 17292 7ff689ca480f 17289->17292 17291 7ff689cb2650 45 API calls 17290->17291 17290->17292 17291->17292 17292->17033 17299 7ff689cb6d88 17293->17299 17297 7ff689caf8a9 MultiByteToWideChar 17296->17297 17300 7ff689cb6dec 17299->17300 17301 7ff689c9c550 _log10_special 8 API calls 17300->17301 17302 7ff689cb00bd 17301->17302 17302->17132 17304 7ff689ca100f 17303->17304 17305 7ff689ca0ffd 17303->17305 17307 7ff689ca101d 17304->17307 17311 7ff689ca1059 17304->17311 17306 7ff689ca4f08 memcpy_s 11 API calls 17305->17306 17308 7ff689ca1002 17306->17308 17309 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17307->17309 17310 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 17308->17310 17317 7ff689ca100d 17309->17317 17310->17317 17312 7ff689ca13d5 17311->17312 17314 7ff689ca4f08 memcpy_s 11 API calls 17311->17314 17313 7ff689ca4f08 memcpy_s 11 API calls 17312->17313 17312->17317 17315 7ff689ca1669 17313->17315 17316 7ff689ca13ca 17314->17316 17318 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 17315->17318 17319 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 17316->17319 17317->16998 17318->17317 17319->17312 17321 7ff689ca0704 17320->17321 17348 7ff689ca0464 17321->17348 17323 7ff689ca071d 17323->16651 17360 7ff689ca03bc 17324->17360 17328 7ff689c9c850 17327->17328 17329 7ff689c92930 GetCurrentProcessId 17328->17329 17330 7ff689c91c80 49 API calls 17329->17330 17331 7ff689c92979 17330->17331 17374 7ff689ca4984 17331->17374 17336 7ff689c91c80 49 API calls 17337 7ff689c929ff 17336->17337 17404 7ff689c92620 17337->17404 17340 7ff689c9c550 _log10_special 8 API calls 17341 7ff689c92a31 17340->17341 17341->16690 17343 7ff689ca0119 17342->17343 17345 7ff689c91b89 17342->17345 17344 7ff689ca4f08 memcpy_s 11 API calls 17343->17344 17346 7ff689ca011e 17344->17346 17345->16689 17345->16690 17347 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 17346->17347 17347->17345 17349 7ff689ca04ce 17348->17349 17350 7ff689ca048e 17348->17350 17349->17350 17352 7ff689ca04da 17349->17352 17351 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17350->17351 17358 7ff689ca04b5 17351->17358 17359 7ff689ca546c EnterCriticalSection 17352->17359 17358->17323 17361 7ff689c91a20 17360->17361 17362 7ff689ca03e6 17360->17362 17361->16658 17361->16659 17362->17361 17363 7ff689ca0432 17362->17363 17364 7ff689ca03f5 memcpy_s 17362->17364 17373 7ff689ca546c EnterCriticalSection 17363->17373 17366 7ff689ca4f08 memcpy_s 11 API calls 17364->17366 17368 7ff689ca040a 17366->17368 17370 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 17368->17370 17370->17361 17376 7ff689ca49de 17374->17376 17375 7ff689ca4a03 17377 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17375->17377 17376->17375 17378 7ff689ca4a3f 17376->17378 17380 7ff689ca4a2d 17377->17380 17413 7ff689ca2c10 17378->17413 17382 7ff689c9c550 _log10_special 8 API calls 17380->17382 17381 7ff689ca4b1c 17383 7ff689caa948 __free_lconv_num 11 API calls 17381->17383 17384 7ff689c929c3 17382->17384 17383->17380 17392 7ff689ca5160 17384->17392 17386 7ff689ca4af1 17388 7ff689caa948 __free_lconv_num 11 API calls 17386->17388 17387 7ff689ca4b40 17387->17381 17390 7ff689ca4b4a 17387->17390 17388->17380 17389 7ff689ca4ae8 17389->17381 17389->17386 17391 7ff689caa948 __free_lconv_num 11 API calls 17390->17391 17391->17380 17393 7ff689cab2c8 memcpy_s 11 API calls 17392->17393 17394 7ff689ca5177 17393->17394 17395 7ff689caeb98 memcpy_s 11 API calls 17394->17395 17397 7ff689ca51b7 17394->17397 17400 7ff689c929e5 17394->17400 17396 7ff689ca51ac 17395->17396 17398 7ff689caa948 __free_lconv_num 11 API calls 17396->17398 17397->17400 17551 7ff689caec20 17397->17551 17398->17397 17400->17336 17402 7ff689caa900 _isindst 17 API calls 17403 7ff689ca51fc 17402->17403 17405 7ff689c9262f 17404->17405 17406 7ff689c99390 2 API calls 17405->17406 17407 7ff689c92660 17406->17407 17408 7ff689c9266f MessageBoxW 17407->17408 17409 7ff689c92683 MessageBoxA 17407->17409 17410 7ff689c92690 17408->17410 17409->17410 17411 7ff689c9c550 _log10_special 8 API calls 17410->17411 17412 7ff689c926a0 17411->17412 17412->17340 17414 7ff689ca2c4e 17413->17414 17415 7ff689ca2c3e 17413->17415 17416 7ff689ca2c57 17414->17416 17420 7ff689ca2c85 17414->17420 17419 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17415->17419 17417 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17416->17417 17418 7ff689ca2c7d 17417->17418 17418->17381 17418->17386 17418->17387 17418->17389 17419->17418 17420->17415 17420->17418 17421 7ff689ca47c0 45 API calls 17420->17421 17423 7ff689ca2f34 17420->17423 17427 7ff689ca35a0 17420->17427 17453 7ff689ca3268 17420->17453 17483 7ff689ca2af0 17420->17483 17421->17420 17425 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17423->17425 17425->17415 17428 7ff689ca35e2 17427->17428 17429 7ff689ca3655 17427->17429 17430 7ff689ca367f 17428->17430 17431 7ff689ca35e8 17428->17431 17432 7ff689ca36af 17429->17432 17433 7ff689ca365a 17429->17433 17500 7ff689ca1b50 17430->17500 17440 7ff689ca35ed 17431->17440 17444 7ff689ca36be 17431->17444 17432->17430 17432->17444 17451 7ff689ca3618 17432->17451 17434 7ff689ca368f 17433->17434 17435 7ff689ca365c 17433->17435 17507 7ff689ca1740 17434->17507 17437 7ff689ca35fd 17435->17437 17443 7ff689ca366b 17435->17443 17452 7ff689ca36ed 17437->17452 17486 7ff689ca3f04 17437->17486 17440->17437 17441 7ff689ca3630 17440->17441 17440->17451 17441->17452 17496 7ff689ca43c0 17441->17496 17443->17430 17446 7ff689ca3670 17443->17446 17444->17452 17514 7ff689ca1f60 17444->17514 17449 7ff689ca4558 37 API calls 17446->17449 17446->17452 17447 7ff689c9c550 _log10_special 8 API calls 17448 7ff689ca3983 17447->17448 17448->17420 17449->17451 17451->17452 17521 7ff689cae858 17451->17521 17452->17447 17454 7ff689ca3273 17453->17454 17455 7ff689ca3289 17453->17455 17457 7ff689ca35e2 17454->17457 17458 7ff689ca3655 17454->17458 17459 7ff689ca32c7 17454->17459 17456 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17455->17456 17455->17459 17456->17459 17460 7ff689ca367f 17457->17460 17461 7ff689ca35e8 17457->17461 17462 7ff689ca36af 17458->17462 17463 7ff689ca365a 17458->17463 17459->17420 17466 7ff689ca1b50 38 API calls 17460->17466 17470 7ff689ca35ed 17461->17470 17472 7ff689ca36be 17461->17472 17462->17460 17462->17472 17481 7ff689ca3618 17462->17481 17464 7ff689ca368f 17463->17464 17465 7ff689ca365c 17463->17465 17468 7ff689ca1740 38 API calls 17464->17468 17467 7ff689ca35fd 17465->17467 17474 7ff689ca366b 17465->17474 17466->17481 17469 7ff689ca3f04 47 API calls 17467->17469 17482 7ff689ca36ed 17467->17482 17468->17481 17469->17481 17470->17467 17471 7ff689ca3630 17470->17471 17470->17481 17475 7ff689ca43c0 47 API calls 17471->17475 17471->17482 17473 7ff689ca1f60 38 API calls 17472->17473 17472->17482 17473->17481 17474->17460 17476 7ff689ca3670 17474->17476 17475->17481 17479 7ff689ca4558 37 API calls 17476->17479 17476->17482 17477 7ff689c9c550 _log10_special 8 API calls 17478 7ff689ca3983 17477->17478 17478->17420 17479->17481 17480 7ff689cae858 47 API calls 17480->17481 17481->17480 17481->17482 17482->17477 17534 7ff689ca0d14 17483->17534 17487 7ff689ca3f26 17486->17487 17488 7ff689ca0b80 12 API calls 17487->17488 17489 7ff689ca3f6e 17488->17489 17490 7ff689cae570 46 API calls 17489->17490 17491 7ff689ca4041 17490->17491 17492 7ff689ca47c0 45 API calls 17491->17492 17494 7ff689ca4063 17491->17494 17492->17494 17493 7ff689ca47c0 45 API calls 17495 7ff689ca40ec 17493->17495 17494->17493 17494->17494 17494->17495 17495->17451 17497 7ff689ca43d8 17496->17497 17499 7ff689ca4440 17496->17499 17498 7ff689cae858 47 API calls 17497->17498 17497->17499 17498->17499 17499->17451 17501 7ff689ca1b83 17500->17501 17502 7ff689ca1bb2 17501->17502 17504 7ff689ca1c6f 17501->17504 17503 7ff689ca0b80 12 API calls 17502->17503 17506 7ff689ca1bef 17502->17506 17503->17506 17505 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17504->17505 17505->17506 17506->17451 17508 7ff689ca1773 17507->17508 17509 7ff689ca17a2 17508->17509 17511 7ff689ca185f 17508->17511 17510 7ff689ca0b80 12 API calls 17509->17510 17513 7ff689ca17df 17509->17513 17510->17513 17512 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17511->17512 17512->17513 17513->17451 17515 7ff689ca1f93 17514->17515 17516 7ff689ca1fc2 17515->17516 17518 7ff689ca207f 17515->17518 17517 7ff689ca0b80 12 API calls 17516->17517 17520 7ff689ca1fff 17516->17520 17517->17520 17519 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17518->17519 17519->17520 17520->17451 17522 7ff689cae880 17521->17522 17523 7ff689cae8c5 17522->17523 17524 7ff689ca47c0 45 API calls 17522->17524 17526 7ff689cae885 memcpy_s 17522->17526 17530 7ff689cae8ae memcpy_s 17522->17530 17523->17526 17523->17530 17531 7ff689cb07e8 17523->17531 17524->17523 17525 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17525->17526 17526->17451 17530->17525 17530->17526 17532 7ff689cb080c WideCharToMultiByte 17531->17532 17535 7ff689ca0d41 17534->17535 17536 7ff689ca0d53 17534->17536 17537 7ff689ca4f08 memcpy_s 11 API calls 17535->17537 17539 7ff689ca0d60 17536->17539 17542 7ff689ca0d9d 17536->17542 17538 7ff689ca0d46 17537->17538 17540 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 17538->17540 17541 7ff689caa814 _invalid_parameter_noinfo 37 API calls 17539->17541 17549 7ff689ca0d51 17540->17549 17541->17549 17543 7ff689ca0e46 17542->17543 17544 7ff689ca4f08 memcpy_s 11 API calls 17542->17544 17545 7ff689ca4f08 memcpy_s 11 API calls 17543->17545 17543->17549 17546 7ff689ca0e3b 17544->17546 17547 7ff689ca0ef0 17545->17547 17550 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 17546->17550 17548 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 17547->17548 17548->17549 17549->17420 17550->17543 17556 7ff689caec3d 17551->17556 17552 7ff689caec42 17553 7ff689ca51dd 17552->17553 17554 7ff689ca4f08 memcpy_s 11 API calls 17552->17554 17553->17400 17553->17402 17555 7ff689caec4c 17554->17555 17557 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 17555->17557 17556->17552 17556->17553 17558 7ff689caec8c 17556->17558 17557->17553 17558->17553 17559 7ff689ca4f08 memcpy_s 11 API calls 17558->17559 17559->17555 17561 7ff689c985b1 GetTokenInformation 17560->17561 17562 7ff689c98633 __vcrt_freefls 17560->17562 17563 7ff689c985d2 GetLastError 17561->17563 17564 7ff689c985dd 17561->17564 17565 7ff689c98646 CloseHandle 17562->17565 17566 7ff689c9864c 17562->17566 17563->17562 17563->17564 17564->17562 17567 7ff689c985f9 GetTokenInformation 17564->17567 17565->17566 17566->16708 17567->17562 17568 7ff689c9861c 17567->17568 17568->17562 17569 7ff689c98626 ConvertSidToStringSidW 17568->17569 17569->17562 17571 7ff689c9c850 17570->17571 17572 7ff689c92b74 GetCurrentProcessId 17571->17572 17573 7ff689c926b0 48 API calls 17572->17573 17574 7ff689c92bc7 17573->17574 17575 7ff689ca4bd8 48 API calls 17574->17575 17576 7ff689c92c10 MessageBoxW 17575->17576 17577 7ff689c9c550 _log10_special 8 API calls 17576->17577 17578 7ff689c92c40 17577->17578 17578->16716 17580 7ff689c925e5 17579->17580 17581 7ff689ca4bd8 48 API calls 17580->17581 17582 7ff689c92604 17581->17582 17582->16734 17587 7ff689c981dc 17586->17587 17588 7ff689c99390 2 API calls 17587->17588 17589 7ff689c981fb 17588->17589 17776 7ff689c9456a 17775->17776 17777 7ff689c99390 2 API calls 17776->17777 17778 7ff689c9458f 17777->17778 17779 7ff689c9c550 _log10_special 8 API calls 17778->17779 17780 7ff689c945b7 17779->17780 17780->16760 17782 7ff689c97e2e 17781->17782 17783 7ff689c97f52 17782->17783 17784 7ff689c91c80 49 API calls 17782->17784 17785 7ff689c9c550 _log10_special 8 API calls 17783->17785 17789 7ff689c97eb5 17784->17789 17786 7ff689c97f83 17785->17786 17786->16760 17787 7ff689c91c80 49 API calls 17787->17789 17788 7ff689c94560 10 API calls 17788->17789 17789->17783 17789->17787 17789->17788 17790 7ff689c99390 2 API calls 17789->17790 17791 7ff689c97f23 CreateDirectoryW 17790->17791 17791->17783 17791->17789 17793 7ff689c91613 17792->17793 17794 7ff689c91637 17792->17794 17913 7ff689c91050 17793->17913 17796 7ff689c945c0 108 API calls 17794->17796 17798 7ff689c9164b 17796->17798 17800 7ff689c91682 17798->17800 17801 7ff689c91653 17798->17801 17802 7ff689c945c0 108 API calls 17800->17802 17804 7ff689ca4f08 memcpy_s 11 API calls 17801->17804 17806 7ff689c91696 17802->17806 17805 7ff689c91658 17804->17805 17807 7ff689c92910 54 API calls 17805->17807 17842 7ff689c9718b 17840->17842 17843 7ff689c97144 17840->17843 17842->16760 17843->17842 17977 7ff689ca5024 17843->17977 17845 7ff689c941a1 17844->17845 17846 7ff689c944e0 49 API calls 17845->17846 17847 7ff689c941db 17846->17847 17848 7ff689c944e0 49 API calls 17847->17848 17849 7ff689c941eb 17848->17849 17850 7ff689c9423c 17849->17850 17851 7ff689c9420d 17849->17851 17889 7ff689c91c80 49 API calls 17888->17889 17890 7ff689c94474 17889->17890 17890->16760 17914 7ff689c945c0 108 API calls 17913->17914 17915 7ff689c9108c 17914->17915 17916 7ff689c91094 17915->17916 17917 7ff689c910a9 17915->17917 17918 7ff689c92710 54 API calls 17916->17918 17919 7ff689ca06d4 73 API calls 17917->17919 17978 7ff689ca5031 17977->17978 17980 7ff689ca505e 17977->17980 17981 7ff689ca4f08 memcpy_s 11 API calls 17978->17981 17989 7ff689ca4fe8 17978->17989 17979 7ff689ca5081 17982 7ff689ca4f08 memcpy_s 11 API calls 17979->17982 17980->17979 17983 7ff689ca509d 17980->17983 17984 7ff689ca503b 17981->17984 17985 7ff689ca5086 17982->17985 17986 7ff689ca4f4c 45 API calls 17983->17986 17987 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 17984->17987 17988 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 17985->17988 17991 7ff689ca5091 17986->17991 17990 7ff689ca5046 17987->17990 17988->17991 17989->17843 17990->17843 17991->17843 18056 7ff689ca5ec8 18055->18056 18057 7ff689ca5eee 18056->18057 18060 7ff689ca5f21 18056->18060 18058 7ff689ca4f08 memcpy_s 11 API calls 18057->18058 18059 7ff689ca5ef3 18058->18059 18061 7ff689caa8e0 _invalid_parameter_noinfo 37 API calls 18059->18061 18062 7ff689ca5f34 18060->18062 18063 7ff689ca5f27 18060->18063 18065 7ff689c94616 18061->18065 18074 7ff689caac28 18062->18074 18066 7ff689ca4f08 memcpy_s 11 API calls 18063->18066 18065->16796 18066->18065 18087 7ff689cb02d8 EnterCriticalSection 18074->18087 18447 7ff689ca78f8 18446->18447 18450 7ff689ca73d4 18447->18450 18449 7ff689ca7911 18449->16806 18451 7ff689ca73ef 18450->18451 18452 7ff689ca741e 18450->18452 18453 7ff689caa814 _invalid_parameter_noinfo 37 API calls 18451->18453 18460 7ff689ca546c EnterCriticalSection 18452->18460 18457 7ff689ca740f 18453->18457 18457->18449 18462 7ff689c9fe43 18461->18462 18464 7ff689c9fe71 18461->18464 18463 7ff689caa814 _invalid_parameter_noinfo 37 API calls 18462->18463 18466 7ff689c9fe63 18463->18466 18464->18466 18471 7ff689ca546c EnterCriticalSection 18464->18471 18466->16810 18473 7ff689c945c0 108 API calls 18472->18473 18474 7ff689c91493 18473->18474 18475 7ff689c9149b 18474->18475 18476 7ff689c914bc 18474->18476 18579 7ff689c96375 18578->18579 18580 7ff689c91c80 49 API calls 18579->18580 18581 7ff689c963b1 18580->18581 18582 7ff689c963ba 18581->18582 18583 7ff689c963dd 18581->18583 18584 7ff689c92710 54 API calls 18582->18584 18585 7ff689c94630 49 API calls 18583->18585 18601 7ff689c963d3 18584->18601 18587 7ff689c963f5 18585->18587 18590 7ff689c9c550 _log10_special 8 API calls 18601->18590 18868 7ff689cab150 _CreateFrameInfo 45 API calls 18867->18868 18870 7ff689caa3e1 18868->18870 18869 7ff689caa504 _CreateFrameInfo 45 API calls 18871 7ff689caa401 18869->18871 18870->18869 20558 7ff689cbad69 20561 7ff689ca5478 LeaveCriticalSection 20558->20561 15894 7ff689c9bae0 15895 7ff689c9bb0e 15894->15895 15896 7ff689c9baf5 15894->15896 15896->15895 15899 7ff689cad5fc 15896->15899 15900 7ff689cad647 15899->15900 15904 7ff689cad60b memcpy_s 15899->15904 15909 7ff689ca4f08 15900->15909 15901 7ff689cad62e HeapAlloc 15903 7ff689c9bb6e 15901->15903 15901->15904 15904->15900 15904->15901 15906 7ff689cb3590 15904->15906 15912 7ff689cb35d0 15906->15912 15918 7ff689cab2c8 GetLastError 15909->15918 15911 7ff689ca4f11 15911->15903 15917 7ff689cb02d8 EnterCriticalSection 15912->15917 15919 7ff689cab309 FlsSetValue 15918->15919 15923 7ff689cab2ec 15918->15923 15920 7ff689cab31b 15919->15920 15924 7ff689cab2f9 SetLastError 15919->15924 15935 7ff689caeb98 15920->15935 15923->15919 15923->15924 15924->15911 15926 7ff689cab348 FlsSetValue 15928 7ff689cab354 FlsSetValue 15926->15928 15929 7ff689cab366 15926->15929 15927 7ff689cab338 FlsSetValue 15930 7ff689cab341 15927->15930 15928->15930 15948 7ff689caaef4 15929->15948 15942 7ff689caa948 15930->15942 15941 7ff689caeba9 memcpy_s 15935->15941 15936 7ff689caebfa 15938 7ff689ca4f08 memcpy_s 10 API calls 15936->15938 15937 7ff689caebde HeapAlloc 15939 7ff689cab32a 15937->15939 15937->15941 15938->15939 15939->15926 15939->15927 15940 7ff689cb3590 memcpy_s 2 API calls 15940->15941 15941->15936 15941->15937 15941->15940 15943 7ff689caa94d RtlFreeHeap 15942->15943 15944 7ff689caa97c 15942->15944 15943->15944 15945 7ff689caa968 GetLastError 15943->15945 15944->15924 15946 7ff689caa975 __free_lconv_num 15945->15946 15947 7ff689ca4f08 memcpy_s 9 API calls 15946->15947 15947->15944 15953 7ff689caadcc 15948->15953 15965 7ff689cb02d8 EnterCriticalSection 15953->15965 20420 7ff689cbabe3 20421 7ff689cbabf3 20420->20421 20424 7ff689ca5478 LeaveCriticalSection 20421->20424

                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                            Function 00007FF689C989E0 Relevance: 70.3, APIs: 36, Strings: 4, Instructions: 257synchronizationwindowregistryCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 0 7ff689c989e0-7ff689c98b26 call 7ff689c9c850 call 7ff689c99390 SetConsoleCtrlHandler GetStartupInfoW call 7ff689ca53f0 call 7ff689caa47c call 7ff689ca871c call 7ff689ca53f0 call 7ff689caa47c call 7ff689ca871c call 7ff689ca53f0 call 7ff689caa47c call 7ff689ca871c GetCommandLineW CreateProcessW 23 7ff689c98b28-7ff689c98b48 GetLastError call 7ff689c92c50 0->23 24 7ff689c98b4d-7ff689c98b89 RegisterClassW 0->24 31 7ff689c98e39-7ff689c98e5f call 7ff689c9c550 23->31 26 7ff689c98b91-7ff689c98be5 CreateWindowExW 24->26 27 7ff689c98b8b GetLastError 24->27 29 7ff689c98bef-7ff689c98bf4 ShowWindow 26->29 30 7ff689c98be7-7ff689c98bed GetLastError 26->30 27->26 32 7ff689c98bfa-7ff689c98c0a WaitForSingleObject 29->32 30->32 34 7ff689c98c88-7ff689c98c8f 32->34 35 7ff689c98c0c 32->35 37 7ff689c98c91-7ff689c98ca1 WaitForSingleObject 34->37 38 7ff689c98cd2-7ff689c98cd9 34->38 36 7ff689c98c10-7ff689c98c13 35->36 40 7ff689c98c15 GetLastError 36->40 41 7ff689c98c1b-7ff689c98c22 36->41 42 7ff689c98ca7-7ff689c98cb7 TerminateProcess 37->42 43 7ff689c98df8-7ff689c98e02 37->43 44 7ff689c98cdf-7ff689c98cf5 QueryPerformanceFrequency QueryPerformanceCounter 38->44 45 7ff689c98dc0-7ff689c98dd9 GetMessageW 38->45 40->41 41->37 46 7ff689c98c24-7ff689c98c41 PeekMessageW 41->46 51 7ff689c98cbf-7ff689c98ccd WaitForSingleObject 42->51 52 7ff689c98cb9 GetLastError 42->52 49 7ff689c98e11-7ff689c98e35 GetExitCodeProcess CloseHandle * 2 43->49 50 7ff689c98e04-7ff689c98e0a DestroyWindow 43->50 53 7ff689c98d00-7ff689c98d38 MsgWaitForMultipleObjects PeekMessageW 44->53 47 7ff689c98def-7ff689c98df6 45->47 48 7ff689c98ddb-7ff689c98de9 TranslateMessage DispatchMessageW 45->48 54 7ff689c98c43-7ff689c98c74 TranslateMessage DispatchMessageW PeekMessageW 46->54 55 7ff689c98c76-7ff689c98c86 WaitForSingleObject 46->55 47->43 47->45 48->47 49->31 50->49 51->43 52->51 56 7ff689c98d73-7ff689c98d7a 53->56 57 7ff689c98d3a 53->57 54->54 54->55 55->34 55->36 56->45 58 7ff689c98d7c-7ff689c98da5 QueryPerformanceCounter 56->58 59 7ff689c98d40-7ff689c98d71 TranslateMessage DispatchMessageW PeekMessageW 57->59 58->53 60 7ff689c98dab-7ff689c98db2 58->60 59->56 59->59 60->43 61 7ff689c98db4-7ff689c98db8 60->61 61->45
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                                                                            • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                                                                            • API String ID: 3832162212-3165540532
                                                                                                                                                                                            • Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
                                                                                                                                                                                            • Instruction ID: 31cc37e2faf46ab3d3a694efd42f42dff1710ab27f9370bb6c74aa854b401062
                                                                                                                                                                                            • Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
                                                                                                                                                                                            • Instruction Fuzzy Hash: BCD17072A08A82C6EB108F75E8542AD3B74FF84F5AF400239DA5E93AA4DF3DD545C740
                                                                                                                                                                                            Function 00007FF689C91000 Relevance: 60.0, APIs: 6, Strings: 28, Instructions: 509COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 62 7ff689c91000-7ff689c93806 call 7ff689c9fe18 call 7ff689c9fe20 call 7ff689c9c850 call 7ff689ca53f0 call 7ff689ca5484 call 7ff689c936b0 76 7ff689c93814-7ff689c93836 call 7ff689c91950 62->76 77 7ff689c93808-7ff689c9380f 62->77 83 7ff689c9391b-7ff689c93931 call 7ff689c945c0 76->83 84 7ff689c9383c-7ff689c93856 call 7ff689c91c80 76->84 78 7ff689c93c97-7ff689c93cb2 call 7ff689c9c550 77->78 90 7ff689c93933-7ff689c93960 call 7ff689c97f90 83->90 91 7ff689c9396a-7ff689c9397f call 7ff689c92710 83->91 88 7ff689c9385b-7ff689c9389b call 7ff689c98830 84->88 95 7ff689c938c1-7ff689c938cc call 7ff689ca4f30 88->95 96 7ff689c9389d-7ff689c938a3 88->96 102 7ff689c93962-7ff689c93965 call 7ff689ca004c 90->102 103 7ff689c93984-7ff689c939a6 call 7ff689c91c80 90->103 104 7ff689c93c8f 91->104 111 7ff689c938d2-7ff689c938e1 call 7ff689c98830 95->111 112 7ff689c939fc-7ff689c93a2a call 7ff689c98940 call 7ff689c989a0 * 3 95->112 99 7ff689c938af-7ff689c938bd call 7ff689c989a0 96->99 100 7ff689c938a5-7ff689c938ad 96->100 99->95 100->99 102->91 113 7ff689c939b0-7ff689c939b9 103->113 104->78 120 7ff689c939f4-7ff689c939f7 call 7ff689ca4f30 111->120 121 7ff689c938e7-7ff689c938ed 111->121 137 7ff689c93a2f-7ff689c93a3e call 7ff689c98830 112->137 113->113 116 7ff689c939bb-7ff689c939d8 call 7ff689c91950 113->116 116->88 128 7ff689c939de-7ff689c939ef call 7ff689c92710 116->128 120->112 125 7ff689c938f0-7ff689c938fc 121->125 129 7ff689c938fe-7ff689c93903 125->129 130 7ff689c93905-7ff689c93908 125->130 128->104 129->125 129->130 130->120 132 7ff689c9390e-7ff689c93916 call 7ff689ca4f30 130->132 132->137 141 7ff689c93a44-7ff689c93a47 137->141 142 7ff689c93b45-7ff689c93b53 137->142 141->142 145 7ff689c93a4d-7ff689c93a50 141->145 143 7ff689c93a67 142->143 144 7ff689c93b59-7ff689c93b5d 142->144 146 7ff689c93a6b-7ff689c93a90 call 7ff689ca4f30 143->146 144->146 147 7ff689c93b14-7ff689c93b17 145->147 148 7ff689c93a56-7ff689c93a5a 145->148 157 7ff689c93a92-7ff689c93aa6 call 7ff689c98940 146->157 158 7ff689c93aab-7ff689c93ac0 146->158 150 7ff689c93b2f-7ff689c93b40 call 7ff689c92710 147->150 151 7ff689c93b19-7ff689c93b1d 147->151 148->147 149 7ff689c93a60 148->149 149->143 161 7ff689c93c7f-7ff689c93c87 150->161 151->150 153 7ff689c93b1f-7ff689c93b2a 151->153 153->146 157->158 159 7ff689c93ac6-7ff689c93aca 158->159 160 7ff689c93be8-7ff689c93bfa call 7ff689c98830 158->160 164 7ff689c93ad0-7ff689c93ae8 call 7ff689ca5250 159->164 165 7ff689c93bcd-7ff689c93be2 call 7ff689c91940 159->165 169 7ff689c93c2e 160->169 170 7ff689c93bfc-7ff689c93c02 160->170 161->104 175 7ff689c93b62-7ff689c93b7a call 7ff689ca5250 164->175 176 7ff689c93aea-7ff689c93b02 call 7ff689ca5250 164->176 165->159 165->160 177 7ff689c93c31-7ff689c93c40 call 7ff689ca4f30 169->177 173 7ff689c93c1e-7ff689c93c2c 170->173 174 7ff689c93c04-7ff689c93c1c 170->174 173->177 174->177 184 7ff689c93b87-7ff689c93b9f call 7ff689ca5250 175->184 185 7ff689c93b7c-7ff689c93b80 175->185 176->165 186 7ff689c93b08-7ff689c93b0f 176->186 187 7ff689c93d41-7ff689c93d63 call 7ff689c944e0 177->187 188 7ff689c93c46-7ff689c93c4a 177->188 197 7ff689c93ba1-7ff689c93ba5 184->197 198 7ff689c93bac-7ff689c93bc4 call 7ff689ca5250 184->198 185->184 186->165 201 7ff689c93d71-7ff689c93d82 call 7ff689c91c80 187->201 202 7ff689c93d65-7ff689c93d6f call 7ff689c94630 187->202 190 7ff689c93c50-7ff689c93c5f call 7ff689c990e0 188->190 191 7ff689c93cd4-7ff689c93ce6 call 7ff689c98830 188->191 206 7ff689c93c61 190->206 207 7ff689c93cb3-7ff689c93cb6 call 7ff689c98660 190->207 208 7ff689c93d35-7ff689c93d3c 191->208 209 7ff689c93ce8-7ff689c93ceb 191->209 197->198 198->165 221 7ff689c93bc6 198->221 212 7ff689c93d87-7ff689c93d96 201->212 202->212 215 7ff689c93c68 call 7ff689c92710 206->215 220 7ff689c93cbb-7ff689c93cbd 207->220 208->215 209->208 210 7ff689c93ced-7ff689c93d10 call 7ff689c91c80 209->210 228 7ff689c93d12-7ff689c93d26 call 7ff689c92710 call 7ff689ca4f30 210->228 229 7ff689c93d2b-7ff689c93d33 call 7ff689ca4f30 210->229 218 7ff689c93d98-7ff689c93d9f 212->218 219 7ff689c93dbc-7ff689c93dd2 call 7ff689c99390 212->219 222 7ff689c93c6d-7ff689c93c77 215->222 218->219 224 7ff689c93da1-7ff689c93da5 218->224 234 7ff689c93de0-7ff689c93dfc SetDllDirectoryW 219->234 235 7ff689c93dd4 219->235 226 7ff689c93cbf-7ff689c93cc6 220->226 227 7ff689c93cc8-7ff689c93ccf 220->227 221->165 222->161 224->219 230 7ff689c93da7-7ff689c93db6 LoadLibraryExW 224->230 226->215 227->212 228->222 229->212 230->219 238 7ff689c93e02-7ff689c93e11 call 7ff689c98830 234->238 239 7ff689c93ef9-7ff689c93f00 234->239 235->234 249 7ff689c93e13-7ff689c93e19 238->249 250 7ff689c93e2a-7ff689c93e34 call 7ff689ca4f30 238->250 241 7ff689c94000-7ff689c94008 239->241 242 7ff689c93f06-7ff689c93f0d 239->242 247 7ff689c9400a-7ff689c94027 PostMessageW GetMessageW 241->247 248 7ff689c9402d-7ff689c9405f call 7ff689c936a0 call 7ff689c93360 call 7ff689c93670 call 7ff689c96fc0 call 7ff689c96d70 241->248 242->241 246 7ff689c93f13-7ff689c93f1d call 7ff689c933c0 242->246 246->222 260 7ff689c93f23-7ff689c93f37 call 7ff689c990c0 246->260 247->248 254 7ff689c93e25-7ff689c93e27 249->254 255 7ff689c93e1b-7ff689c93e23 249->255 262 7ff689c93eea-7ff689c93ef4 call 7ff689c98940 250->262 263 7ff689c93e3a-7ff689c93e40 250->263 254->250 255->254 269 7ff689c93f39-7ff689c93f56 PostMessageW GetMessageW 260->269 270 7ff689c93f5c-7ff689c93f72 call 7ff689c98940 call 7ff689c989e0 260->270 262->239 263->262 267 7ff689c93e46-7ff689c93e4c 263->267 272 7ff689c93e4e-7ff689c93e50 267->272 273 7ff689c93e57-7ff689c93e59 267->273 269->270 284 7ff689c93f77-7ff689c93f9f call 7ff689c96fc0 call 7ff689c96d70 call 7ff689c988e0 270->284 276 7ff689c93e5f-7ff689c93e7b call 7ff689c96dc0 call 7ff689c97340 272->276 277 7ff689c93e52 272->277 273->239 273->276 289 7ff689c93e86-7ff689c93e8d 276->289 290 7ff689c93e7d-7ff689c93e84 276->290 277->239 311 7ff689c93fa1-7ff689c93fb7 call 7ff689c98ed0 call 7ff689c988e0 284->311 312 7ff689c93fed-7ff689c93ffb call 7ff689c91900 284->312 293 7ff689c93e8f-7ff689c93e9c call 7ff689c96e00 289->293 294 7ff689c93ea7-7ff689c93eb1 call 7ff689c971b0 289->294 292 7ff689c93ed3-7ff689c93ee8 call 7ff689c92a50 call 7ff689c96fc0 call 7ff689c96d70 290->292 292->239 293->294 305 7ff689c93e9e-7ff689c93ea5 293->305 306 7ff689c93eb3-7ff689c93eba 294->306 307 7ff689c93ebc-7ff689c93eca call 7ff689c974f0 294->307 305->292 306->292 307->239 319 7ff689c93ecc 307->319 311->312 323 7ff689c93fb9-7ff689c93fce 311->323 312->222 319->292 324 7ff689c93fd0-7ff689c93fe3 call 7ff689c92710 call 7ff689c91900 323->324 325 7ff689c93fe8 call 7ff689c92a50 323->325 324->222 325->312
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFileLastModuleName
                                                                                                                                                                                            • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                            • API String ID: 2776309574-4232158417
                                                                                                                                                                                            • Opcode ID: 27943e01e1a6207795b46aedf17b893e8f8e32d3898c7290fa00b00b011f2019
                                                                                                                                                                                            • Instruction ID: 0e2e091f43a40a491fa6b402d7da9cbe89b8fbe93a9eb7b24d13e034932cff93
                                                                                                                                                                                            • Opcode Fuzzy Hash: 27943e01e1a6207795b46aedf17b893e8f8e32d3898c7290fa00b00b011f2019
                                                                                                                                                                                            • Instruction Fuzzy Hash: 70327A21A0C682D1FB199F35D8543B926B1BF85F8AF84403ADA5DC32D6EF2EE558C310
                                                                                                                                                                                            Function 00007FF689CB5C00 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 334timeCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 479 7ff689cb5c00-7ff689cb5c3b call 7ff689cb5588 call 7ff689cb5590 call 7ff689cb55f8 486 7ff689cb5c41-7ff689cb5c4c call 7ff689cb5598 479->486 487 7ff689cb5e65-7ff689cb5eb1 call 7ff689caa900 call 7ff689cb5588 call 7ff689cb5590 call 7ff689cb55f8 479->487 486->487 492 7ff689cb5c52-7ff689cb5c5c 486->492 512 7ff689cb5fef-7ff689cb605d call 7ff689caa900 call 7ff689cb1578 487->512 513 7ff689cb5eb7-7ff689cb5ec2 call 7ff689cb5598 487->513 495 7ff689cb5c7e-7ff689cb5c82 492->495 496 7ff689cb5c5e-7ff689cb5c61 492->496 499 7ff689cb5c85-7ff689cb5c8d 495->499 498 7ff689cb5c64-7ff689cb5c6f 496->498 501 7ff689cb5c71-7ff689cb5c78 498->501 502 7ff689cb5c7a-7ff689cb5c7c 498->502 499->499 503 7ff689cb5c8f-7ff689cb5ca2 call 7ff689cad5fc 499->503 501->498 501->502 502->495 505 7ff689cb5cab-7ff689cb5cb9 502->505 510 7ff689cb5ca4-7ff689cb5ca6 call 7ff689caa948 503->510 511 7ff689cb5cba-7ff689cb5cc6 call 7ff689caa948 503->511 510->505 520 7ff689cb5ccd-7ff689cb5cd5 511->520 531 7ff689cb605f-7ff689cb6066 512->531 532 7ff689cb606b-7ff689cb606e 512->532 513->512 522 7ff689cb5ec8-7ff689cb5ed3 call 7ff689cb55c8 513->522 520->520 523 7ff689cb5cd7-7ff689cb5ce8 call 7ff689cb0474 520->523 522->512 533 7ff689cb5ed9-7ff689cb5efc call 7ff689caa948 GetTimeZoneInformation 522->533 523->487 534 7ff689cb5cee-7ff689cb5d44 call 7ff689cba4d0 * 4 call 7ff689cb5b1c 523->534 537 7ff689cb60fb-7ff689cb60fe 531->537 535 7ff689cb6070 532->535 536 7ff689cb60a5-7ff689cb60b8 call 7ff689cad5fc 532->536 550 7ff689cb5fc4-7ff689cb5fee call 7ff689cb5580 call 7ff689cb5570 call 7ff689cb5578 533->550 551 7ff689cb5f02-7ff689cb5f23 533->551 591 7ff689cb5d46-7ff689cb5d4a 534->591 541 7ff689cb6073 535->541 557 7ff689cb60c3-7ff689cb60de call 7ff689cb1578 536->557 558 7ff689cb60ba 536->558 537->541 543 7ff689cb6104-7ff689cb610c call 7ff689cb5c00 537->543 546 7ff689cb6078-7ff689cb60a4 call 7ff689caa948 call 7ff689c9c550 541->546 547 7ff689cb6073 call 7ff689cb5e7c 541->547 543->546 547->546 552 7ff689cb5f2e-7ff689cb5f35 551->552 553 7ff689cb5f25-7ff689cb5f2b 551->553 560 7ff689cb5f49 552->560 561 7ff689cb5f37-7ff689cb5f3f 552->561 553->552 579 7ff689cb60e0-7ff689cb60e3 557->579 580 7ff689cb60e5-7ff689cb60f7 call 7ff689caa948 557->580 565 7ff689cb60bc-7ff689cb60c1 call 7ff689caa948 558->565 570 7ff689cb5f4b-7ff689cb5fbf call 7ff689cba4d0 * 4 call 7ff689cb2b5c call 7ff689cb6114 * 2 560->570 561->560 567 7ff689cb5f41-7ff689cb5f47 561->567 565->535 567->570 570->550 579->565 580->537 593 7ff689cb5d50-7ff689cb5d54 591->593 594 7ff689cb5d4c 591->594 593->591 596 7ff689cb5d56-7ff689cb5d7b call 7ff689ca6b58 593->596 594->593 602 7ff689cb5d7e-7ff689cb5d82 596->602 604 7ff689cb5d91-7ff689cb5d95 602->604 605 7ff689cb5d84-7ff689cb5d8f 602->605 604->602 605->604 607 7ff689cb5d97-7ff689cb5d9b 605->607 610 7ff689cb5e1c-7ff689cb5e20 607->610 611 7ff689cb5d9d-7ff689cb5dc5 call 7ff689ca6b58 607->611 612 7ff689cb5e22-7ff689cb5e24 610->612 613 7ff689cb5e27-7ff689cb5e34 610->613 619 7ff689cb5de3-7ff689cb5de7 611->619 620 7ff689cb5dc7 611->620 612->613 615 7ff689cb5e4f-7ff689cb5e5e call 7ff689cb5580 call 7ff689cb5570 613->615 616 7ff689cb5e36-7ff689cb5e4c call 7ff689cb5b1c 613->616 615->487 616->615 619->610 625 7ff689cb5de9-7ff689cb5e07 call 7ff689ca6b58 619->625 623 7ff689cb5dca-7ff689cb5dd1 620->623 623->619 626 7ff689cb5dd3-7ff689cb5de1 623->626 631 7ff689cb5e13-7ff689cb5e1a 625->631 626->619 626->623 631->610 632 7ff689cb5e09-7ff689cb5e0d 631->632 632->610 633 7ff689cb5e0f 632->633 633->631
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF689CB5C45
                                                                                                                                                                                              • Part of subcall function 00007FF689CB5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF689CB55AC
                                                                                                                                                                                              • Part of subcall function 00007FF689CAA948: RtlFreeHeap.NTDLL(?,?,?,00007FF689CB2D22,?,?,?,00007FF689CB2D5F,?,?,00000000,00007FF689CB3225,?,?,?,00007FF689CB3157), ref: 00007FF689CAA95E
                                                                                                                                                                                              • Part of subcall function 00007FF689CAA948: GetLastError.KERNEL32(?,?,?,00007FF689CB2D22,?,?,?,00007FF689CB2D5F,?,?,00000000,00007FF689CB3225,?,?,?,00007FF689CB3157), ref: 00007FF689CAA968
                                                                                                                                                                                              • Part of subcall function 00007FF689CAA900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF689CAA8DF,?,?,?,?,?,00007FF689CAA7CA), ref: 00007FF689CAA909
                                                                                                                                                                                              • Part of subcall function 00007FF689CAA900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF689CAA8DF,?,?,?,?,?,00007FF689CAA7CA), ref: 00007FF689CAA92E
                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF689CB5C34
                                                                                                                                                                                              • Part of subcall function 00007FF689CB55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF689CB560C
                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF689CB5EAA
                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF689CB5EBB
                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF689CB5ECC
                                                                                                                                                                                            • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF689CB610C), ref: 00007FF689CB5EF3
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                            • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                            • API String ID: 4070488512-239921721
                                                                                                                                                                                            • Opcode ID: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                                                                                                                            • Instruction ID: f4df78c9c76a998611ad313fcc3a1a6d364d3dee8165a481c9316bfccf6bfeca
                                                                                                                                                                                            • Opcode Fuzzy Hash: c8e181fbda5929fcc8f6a75e148055e791a7ddaa32984997676ab034941af52a
                                                                                                                                                                                            • Instruction Fuzzy Hash: EFD1B022A18292C6EB209F22D5411B977B1FF98F96F448139EA4DC7696DF3EE841C740
                                                                                                                                                                                            Function 00007FF689CB6964 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 693 7ff689cb6964-7ff689cb69d7 call 7ff689cb6698 696 7ff689cb69f1-7ff689cb69fb call 7ff689ca8520 693->696 697 7ff689cb69d9-7ff689cb69e2 call 7ff689ca4ee8 693->697 702 7ff689cb6a16-7ff689cb6a7f CreateFileW 696->702 703 7ff689cb69fd-7ff689cb6a14 call 7ff689ca4ee8 call 7ff689ca4f08 696->703 704 7ff689cb69e5-7ff689cb69ec call 7ff689ca4f08 697->704 706 7ff689cb6a81-7ff689cb6a87 702->706 707 7ff689cb6afc-7ff689cb6b07 GetFileType 702->707 703->704 715 7ff689cb6d32-7ff689cb6d52 704->715 713 7ff689cb6ac9-7ff689cb6af7 GetLastError call 7ff689ca4e7c 706->713 714 7ff689cb6a89-7ff689cb6a8d 706->714 710 7ff689cb6b09-7ff689cb6b44 GetLastError call 7ff689ca4e7c CloseHandle 707->710 711 7ff689cb6b5a-7ff689cb6b61 707->711 710->704 727 7ff689cb6b4a-7ff689cb6b55 call 7ff689ca4f08 710->727 718 7ff689cb6b63-7ff689cb6b67 711->718 719 7ff689cb6b69-7ff689cb6b6c 711->719 713->704 714->713 720 7ff689cb6a8f-7ff689cb6ac7 CreateFileW 714->720 724 7ff689cb6b72-7ff689cb6bc7 call 7ff689ca8438 718->724 719->724 725 7ff689cb6b6e 719->725 720->707 720->713 732 7ff689cb6bc9-7ff689cb6bd5 call 7ff689cb68a0 724->732 733 7ff689cb6be6-7ff689cb6c17 call 7ff689cb6418 724->733 725->724 727->704 732->733 738 7ff689cb6bd7 732->738 739 7ff689cb6c19-7ff689cb6c1b 733->739 740 7ff689cb6c1d-7ff689cb6c5f 733->740 741 7ff689cb6bd9-7ff689cb6be1 call 7ff689caaac0 738->741 739->741 742 7ff689cb6c81-7ff689cb6c8c 740->742 743 7ff689cb6c61-7ff689cb6c65 740->743 741->715 746 7ff689cb6d30 742->746 747 7ff689cb6c92-7ff689cb6c96 742->747 743->742 745 7ff689cb6c67-7ff689cb6c7c 743->745 745->742 746->715 747->746 749 7ff689cb6c9c-7ff689cb6ce1 CloseHandle CreateFileW 747->749 750 7ff689cb6ce3-7ff689cb6d11 GetLastError call 7ff689ca4e7c call 7ff689ca8660 749->750 751 7ff689cb6d16-7ff689cb6d2b 749->751 750->751 751->746
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1617910340-0
                                                                                                                                                                                            • Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                            • Instruction ID: 2d3fcb1c222e54a0d211b8afeaeeb7498f8f545f9a1a9d399768d579cd42233d
                                                                                                                                                                                            • Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                            • Instruction Fuzzy Hash: 86C1AE32B28A45C6EB10CFA5D5906AC37B1FB89FA9B011239EA1E97794DF3AD455C300
                                                                                                                                                                                            Function 00007FF689CB5E7C Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 959 7ff689cb5e7c-7ff689cb5eb1 call 7ff689cb5588 call 7ff689cb5590 call 7ff689cb55f8 966 7ff689cb5fef-7ff689cb605d call 7ff689caa900 call 7ff689cb1578 959->966 967 7ff689cb5eb7-7ff689cb5ec2 call 7ff689cb5598 959->967 978 7ff689cb605f-7ff689cb6066 966->978 979 7ff689cb606b-7ff689cb606e 966->979 967->966 972 7ff689cb5ec8-7ff689cb5ed3 call 7ff689cb55c8 967->972 972->966 980 7ff689cb5ed9-7ff689cb5efc call 7ff689caa948 GetTimeZoneInformation 972->980 983 7ff689cb60fb-7ff689cb60fe 978->983 981 7ff689cb6070 979->981 982 7ff689cb60a5-7ff689cb60b8 call 7ff689cad5fc 979->982 993 7ff689cb5fc4-7ff689cb5fee call 7ff689cb5580 call 7ff689cb5570 call 7ff689cb5578 980->993 994 7ff689cb5f02-7ff689cb5f23 980->994 985 7ff689cb6073 981->985 999 7ff689cb60c3-7ff689cb60de call 7ff689cb1578 982->999 1000 7ff689cb60ba 982->1000 983->985 987 7ff689cb6104-7ff689cb610c call 7ff689cb5c00 983->987 989 7ff689cb6078-7ff689cb60a4 call 7ff689caa948 call 7ff689c9c550 985->989 990 7ff689cb6073 call 7ff689cb5e7c 985->990 987->989 990->989 995 7ff689cb5f2e-7ff689cb5f35 994->995 996 7ff689cb5f25-7ff689cb5f2b 994->996 1002 7ff689cb5f49 995->1002 1003 7ff689cb5f37-7ff689cb5f3f 995->1003 996->995 1018 7ff689cb60e0-7ff689cb60e3 999->1018 1019 7ff689cb60e5-7ff689cb60f7 call 7ff689caa948 999->1019 1006 7ff689cb60bc-7ff689cb60c1 call 7ff689caa948 1000->1006 1010 7ff689cb5f4b-7ff689cb5fbf call 7ff689cba4d0 * 4 call 7ff689cb2b5c call 7ff689cb6114 * 2 1002->1010 1003->1002 1008 7ff689cb5f41-7ff689cb5f47 1003->1008 1006->981 1008->1010 1010->993 1018->1006 1019->983
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF689CB5EAA
                                                                                                                                                                                              • Part of subcall function 00007FF689CB55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF689CB560C
                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF689CB5EBB
                                                                                                                                                                                              • Part of subcall function 00007FF689CB5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF689CB55AC
                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF689CB5ECC
                                                                                                                                                                                              • Part of subcall function 00007FF689CB55C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF689CB55DC
                                                                                                                                                                                              • Part of subcall function 00007FF689CAA948: RtlFreeHeap.NTDLL(?,?,?,00007FF689CB2D22,?,?,?,00007FF689CB2D5F,?,?,00000000,00007FF689CB3225,?,?,?,00007FF689CB3157), ref: 00007FF689CAA95E
                                                                                                                                                                                              • Part of subcall function 00007FF689CAA948: GetLastError.KERNEL32(?,?,?,00007FF689CB2D22,?,?,?,00007FF689CB2D5F,?,?,00000000,00007FF689CB3225,?,?,?,00007FF689CB3157), ref: 00007FF689CAA968
                                                                                                                                                                                            • GetTimeZoneInformation.KERNELBASE(?,?,?,?,?,?,?,?,?,00000000,?,00007FF689CB610C), ref: 00007FF689CB5EF3
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                            • String ID: Eastern Standard Time$Eastern Summer Time
                                                                                                                                                                                            • API String ID: 3458911817-239921721
                                                                                                                                                                                            • Opcode ID: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
                                                                                                                                                                                            • Instruction ID: b59fd2980b16bc7c9df650924b308edda85714a50615d6927dd231a4f928876c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f2171165b001c2744b9d494c76d2a7753c36df5ed5d67f3075860c83c0dbe14
                                                                                                                                                                                            • Instruction Fuzzy Hash: E1514E32A08682C6E710DF22E9815A9B771BF98B8AF44513DEA4DC7796DF3EE441C740
                                                                                                                                                                                            Function 00007FF689C99280 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2295610775-0
                                                                                                                                                                                            • Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                            • Instruction ID: 4a80dff9b6ebea53b13f63888ba47d4c7037d6cae0e7be29717bdcbd6f8a64f2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                            • Instruction Fuzzy Hash: 81F06822A18741C6F7A08FA4F4997667770BF84B69F440339D96D42AD5DF3DD049CA04
                                                                                                                                                                                            Function 00007FF689C91950 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 184COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 331 7ff689c91950-7ff689c9198b call 7ff689c945c0 334 7ff689c91c4e-7ff689c91c72 call 7ff689c9c550 331->334 335 7ff689c91991-7ff689c919d1 call 7ff689c97f90 331->335 340 7ff689c919d7-7ff689c919e7 call 7ff689ca06d4 335->340 341 7ff689c91c3b-7ff689c91c3e call 7ff689ca004c 335->341 346 7ff689c91a08-7ff689c91a24 call 7ff689ca039c 340->346 347 7ff689c919e9-7ff689c91a03 call 7ff689ca4f08 call 7ff689c92910 340->347 345 7ff689c91c43-7ff689c91c4b 341->345 345->334 352 7ff689c91a45-7ff689c91a5a call 7ff689ca4f28 346->352 353 7ff689c91a26-7ff689c91a40 call 7ff689ca4f08 call 7ff689c92910 346->353 347->341 361 7ff689c91a7b-7ff689c91b05 call 7ff689c91c80 * 2 call 7ff689ca06d4 call 7ff689ca4f44 352->361 362 7ff689c91a5c-7ff689c91a76 call 7ff689ca4f08 call 7ff689c92910 352->362 353->341 375 7ff689c91b0a-7ff689c91b14 361->375 362->341 376 7ff689c91b35-7ff689c91b4e call 7ff689ca039c 375->376 377 7ff689c91b16-7ff689c91b30 call 7ff689ca4f08 call 7ff689c92910 375->377 383 7ff689c91b6f-7ff689c91b8b call 7ff689ca0110 376->383 384 7ff689c91b50-7ff689c91b6a call 7ff689ca4f08 call 7ff689c92910 376->384 377->341 391 7ff689c91b9e-7ff689c91bac 383->391 392 7ff689c91b8d-7ff689c91b99 call 7ff689c92710 383->392 384->341 391->341 395 7ff689c91bb2-7ff689c91bb9 391->395 392->341 397 7ff689c91bc1-7ff689c91bc7 395->397 398 7ff689c91be0-7ff689c91bef 397->398 399 7ff689c91bc9-7ff689c91bd6 397->399 398->398 400 7ff689c91bf1-7ff689c91bfa 398->400 399->400 401 7ff689c91c0f 400->401 402 7ff689c91bfc-7ff689c91bff 400->402 404 7ff689c91c11-7ff689c91c24 401->404 402->401 403 7ff689c91c01-7ff689c91c04 402->403 403->401 405 7ff689c91c06-7ff689c91c09 403->405 406 7ff689c91c26 404->406 407 7ff689c91c2d-7ff689c91c39 404->407 405->401 408 7ff689c91c0b-7ff689c91c0d 405->408 406->407 407->341 407->397 408->404
                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00007FF689C97F90: _fread_nolock.LIBCMT ref: 00007FF689C9803A
                                                                                                                                                                                            • _fread_nolock.LIBCMT ref: 00007FF689C91A1B
                                                                                                                                                                                              • Part of subcall function 00007FF689C92910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF689C91B6A), ref: 00007FF689C9295E
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                            • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                            • API String ID: 2397952137-3497178890
                                                                                                                                                                                            • Opcode ID: 6a04d0c4c8a0b99f23b16d6d676f1581d6c74e17851155a383b4fbd0f348e88e
                                                                                                                                                                                            • Instruction ID: c1051d6d62697e956ceba031b3398f97d64782984481341b27353caf4d0fdd2b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a04d0c4c8a0b99f23b16d6d676f1581d6c74e17851155a383b4fbd0f348e88e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 63818F71B08686CAEB20DF14D4412B973B1BF84B8AF404439E98ED7B86DE3EE545C740
                                                                                                                                                                                            Function 00007FF689C91600 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 145COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 409 7ff689c91600-7ff689c91611 410 7ff689c91613-7ff689c9161c call 7ff689c91050 409->410 411 7ff689c91637-7ff689c91651 call 7ff689c945c0 409->411 416 7ff689c9162e-7ff689c91636 410->416 417 7ff689c9161e-7ff689c91629 call 7ff689c92710 410->417 418 7ff689c91682-7ff689c9169c call 7ff689c945c0 411->418 419 7ff689c91653-7ff689c91681 call 7ff689ca4f08 call 7ff689c92910 411->419 417->416 426 7ff689c9169e-7ff689c916b3 call 7ff689c92710 418->426 427 7ff689c916b8-7ff689c916cf call 7ff689ca06d4 418->427 433 7ff689c91821-7ff689c91824 call 7ff689ca004c 426->433 434 7ff689c916d1-7ff689c916f4 call 7ff689ca4f08 call 7ff689c92910 427->434 435 7ff689c916f9-7ff689c916fd 427->435 442 7ff689c91829-7ff689c9183b 433->442 448 7ff689c91819-7ff689c9181c call 7ff689ca004c 434->448 436 7ff689c916ff-7ff689c9170b call 7ff689c91210 435->436 437 7ff689c91717-7ff689c91737 call 7ff689ca4f44 435->437 444 7ff689c91710-7ff689c91712 436->444 449 7ff689c91761-7ff689c9176c 437->449 450 7ff689c91739-7ff689c9175c call 7ff689ca4f08 call 7ff689c92910 437->450 444->448 448->433 453 7ff689c91802-7ff689c9180a call 7ff689ca4f30 449->453 454 7ff689c91772-7ff689c91777 449->454 462 7ff689c9180f-7ff689c91814 450->462 453->462 457 7ff689c91780-7ff689c917a2 call 7ff689ca039c 454->457 464 7ff689c917a4-7ff689c917bc call 7ff689ca0adc 457->464 465 7ff689c917da-7ff689c917e6 call 7ff689ca4f08 457->465 462->448 470 7ff689c917be-7ff689c917c1 464->470 471 7ff689c917c5-7ff689c917d8 call 7ff689ca4f08 464->471 472 7ff689c917ed-7ff689c917f8 call 7ff689c92910 465->472 470->457 473 7ff689c917c3 470->473 471->472 476 7ff689c917fd 472->476 473->476 476->453
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcess
                                                                                                                                                                                            • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                            • API String ID: 2050909247-1550345328
                                                                                                                                                                                            • Opcode ID: bad4f66b2396e12d0ef35d42e6ebff520b547dc5d9fe1b27e2bc8e6725e1335c
                                                                                                                                                                                            • Instruction ID: 0739a06bb0babe45edafd82e389950207c21867a54b4958a585eff2028e89667
                                                                                                                                                                                            • Opcode Fuzzy Hash: bad4f66b2396e12d0ef35d42e6ebff520b547dc5d9fe1b27e2bc8e6725e1335c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 50518D61B08643D2EA10AF51E8111B963B0BF84F9AF844539EE4D97BD6EF3EE655C300
                                                                                                                                                                                            Function 00007FF689C98660 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 116COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetTempPathW.KERNEL32(?,?,00000000,00007FF689C93CBB), ref: 00007FF689C98704
                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,00000000,00007FF689C93CBB), ref: 00007FF689C9870A
                                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(?,00000000,00007FF689C93CBB), ref: 00007FF689C9874C
                                                                                                                                                                                              • Part of subcall function 00007FF689C98830: GetEnvironmentVariableW.KERNEL32(00007FF689C9388E), ref: 00007FF689C98867
                                                                                                                                                                                              • Part of subcall function 00007FF689C98830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF689C98889
                                                                                                                                                                                              • Part of subcall function 00007FF689CA8238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF689CA8251
                                                                                                                                                                                              • Part of subcall function 00007FF689C92810: MessageBoxW.USER32 ref: 00007FF689C928EA
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                            • API String ID: 3563477958-1339014028
                                                                                                                                                                                            • Opcode ID: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
                                                                                                                                                                                            • Instruction ID: e31f7519bff0fb06f7c017b048b726eb7362d6ce672922e51c69910f6fe41e05
                                                                                                                                                                                            • Opcode Fuzzy Hash: 191653d34e5a06968e8282251bef030903df87164e49fe651f79a53b4d97858f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4341A151A19642C5FA14EF22E8552BA22B1BF85FCAF804139ED0DD77DADE3EE501C340
                                                                                                                                                                                            Function 00007FF689C91210 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 158COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 756 7ff689c91210-7ff689c9126d call 7ff689c9bd80 759 7ff689c9126f-7ff689c91296 call 7ff689c92710 756->759 760 7ff689c91297-7ff689c912af call 7ff689ca4f44 756->760 765 7ff689c912b1-7ff689c912cf call 7ff689ca4f08 call 7ff689c92910 760->765 766 7ff689c912d4-7ff689c912e4 call 7ff689ca4f44 760->766 777 7ff689c91439-7ff689c9144e call 7ff689c9ba60 call 7ff689ca4f30 * 2 765->777 772 7ff689c912e6-7ff689c91304 call 7ff689ca4f08 call 7ff689c92910 766->772 773 7ff689c91309-7ff689c9131b 766->773 772->777 776 7ff689c91320-7ff689c91345 call 7ff689ca039c 773->776 783 7ff689c91431 776->783 784 7ff689c9134b-7ff689c91355 call 7ff689ca0110 776->784 793 7ff689c91453-7ff689c9146d 777->793 783->777 784->783 792 7ff689c9135b-7ff689c91367 784->792 794 7ff689c91370-7ff689c91398 call 7ff689c9a1c0 792->794 797 7ff689c91416-7ff689c9142c call 7ff689c92710 794->797 798 7ff689c9139a-7ff689c9139d 794->798 797->783 799 7ff689c9139f-7ff689c913a9 798->799 800 7ff689c91411 798->800 802 7ff689c913d4-7ff689c913d7 799->802 803 7ff689c913ab-7ff689c913b9 call 7ff689ca0adc 799->803 800->797 804 7ff689c913d9-7ff689c913e7 call 7ff689cb9e30 802->804 805 7ff689c913ea-7ff689c913ef 802->805 809 7ff689c913be-7ff689c913c1 803->809 804->805 805->794 808 7ff689c913f5-7ff689c913f8 805->808 811 7ff689c913fa-7ff689c913fd 808->811 812 7ff689c9140c-7ff689c9140f 808->812 813 7ff689c913cf-7ff689c913d2 809->813 814 7ff689c913c3-7ff689c913cd call 7ff689ca0110 809->814 811->797 815 7ff689c913ff-7ff689c91407 811->815 812->783 813->797 814->805 814->813 815->776
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcess
                                                                                                                                                                                            • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                            • API String ID: 2050909247-2813020118
                                                                                                                                                                                            • Opcode ID: ef842027a1d970694cc0f789b50cc720652ec9763b74026d17365e7fd9a410f4
                                                                                                                                                                                            • Instruction ID: 54ce744a658e01ae1b7882bcee0c6b938787466849cb673e4794eff1f1c7eb51
                                                                                                                                                                                            • Opcode Fuzzy Hash: ef842027a1d970694cc0f789b50cc720652ec9763b74026d17365e7fd9a410f4
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6051C362B08682C5EA209F11E4513BA66B1BF85F9AF444139ED4ED7BD5EF3DE501C700
                                                                                                                                                                                            Function 00007FF689C936B0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 61COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,00007FF689C93804), ref: 00007FF689C936E1
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C93804), ref: 00007FF689C936EB
                                                                                                                                                                                              • Part of subcall function 00007FF689C92C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF689C93706,?,00007FF689C93804), ref: 00007FF689C92C9E
                                                                                                                                                                                              • Part of subcall function 00007FF689C92C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF689C93706,?,00007FF689C93804), ref: 00007FF689C92D63
                                                                                                                                                                                              • Part of subcall function 00007FF689C92C50: MessageBoxW.USER32 ref: 00007FF689C92D99
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                            • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                            • API String ID: 3187769757-2863816727
                                                                                                                                                                                            • Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                            • Instruction ID: 0863a0aecb1b0cf34c35ba564adf7a1cb189b99cb69c6d2c6f2ff8adf9471135
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D215161B1C642D1FB609F25EC153BA6270BF88B5AF80423AE65DC65D6FF2EE604C740
                                                                                                                                                                                            Function 00007FF689CABA5C Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 846 7ff689caba5c-7ff689caba82 847 7ff689caba84-7ff689caba98 call 7ff689ca4ee8 call 7ff689ca4f08 846->847 848 7ff689caba9d-7ff689cabaa1 846->848 866 7ff689cabe8e 847->866 850 7ff689cabe77-7ff689cabe83 call 7ff689ca4ee8 call 7ff689ca4f08 848->850 851 7ff689cabaa7-7ff689cabaae 848->851 868 7ff689cabe89 call 7ff689caa8e0 850->868 851->850 853 7ff689cabab4-7ff689cabae2 851->853 853->850 857 7ff689cabae8-7ff689cabaef 853->857 858 7ff689cabaf1-7ff689cabb03 call 7ff689ca4ee8 call 7ff689ca4f08 857->858 859 7ff689cabb08-7ff689cabb0b 857->859 858->868 864 7ff689cabb11-7ff689cabb17 859->864 865 7ff689cabe73-7ff689cabe75 859->865 864->865 870 7ff689cabb1d-7ff689cabb20 864->870 869 7ff689cabe91-7ff689cabea8 865->869 866->869 868->866 870->858 873 7ff689cabb22-7ff689cabb47 870->873 875 7ff689cabb49-7ff689cabb4b 873->875 876 7ff689cabb7a-7ff689cabb81 873->876 879 7ff689cabb72-7ff689cabb78 875->879 880 7ff689cabb4d-7ff689cabb54 875->880 877 7ff689cabb83-7ff689cabbab call 7ff689cad5fc call 7ff689caa948 * 2 876->877 878 7ff689cabb56-7ff689cabb6d call 7ff689ca4ee8 call 7ff689ca4f08 call 7ff689caa8e0 876->878 909 7ff689cabbc8-7ff689cabbf3 call 7ff689cac284 877->909 910 7ff689cabbad-7ff689cabbc3 call 7ff689ca4f08 call 7ff689ca4ee8 877->910 907 7ff689cabd00 878->907 881 7ff689cabbf8-7ff689cabc0f 879->881 880->878 880->879 884 7ff689cabc11-7ff689cabc19 881->884 885 7ff689cabc8a-7ff689cabc94 call 7ff689cb391c 881->885 884->885 888 7ff689cabc1b-7ff689cabc1d 884->888 896 7ff689cabd1e 885->896 897 7ff689cabc9a-7ff689cabcaf 885->897 888->885 892 7ff689cabc1f-7ff689cabc35 888->892 892->885 899 7ff689cabc37-7ff689cabc43 892->899 905 7ff689cabd23-7ff689cabd43 ReadFile 896->905 897->896 901 7ff689cabcb1-7ff689cabcc3 GetConsoleMode 897->901 899->885 903 7ff689cabc45-7ff689cabc47 899->903 901->896 906 7ff689cabcc5-7ff689cabccd 901->906 903->885 908 7ff689cabc49-7ff689cabc61 903->908 911 7ff689cabd49-7ff689cabd51 905->911 912 7ff689cabe3d-7ff689cabe46 GetLastError 905->912 906->905 914 7ff689cabccf-7ff689cabcf1 ReadConsoleW 906->914 917 7ff689cabd03-7ff689cabd0d call 7ff689caa948 907->917 908->885 918 7ff689cabc63-7ff689cabc6f 908->918 909->881 910->907 911->912 920 7ff689cabd57 911->920 915 7ff689cabe63-7ff689cabe66 912->915 916 7ff689cabe48-7ff689cabe5e call 7ff689ca4f08 call 7ff689ca4ee8 912->916 923 7ff689cabd12-7ff689cabd1c 914->923 924 7ff689cabcf3 GetLastError 914->924 928 7ff689cabcf9-7ff689cabcfb call 7ff689ca4e7c 915->928 929 7ff689cabe6c-7ff689cabe6e 915->929 916->907 917->869 918->885 927 7ff689cabc71-7ff689cabc73 918->927 921 7ff689cabd5e-7ff689cabd73 920->921 921->917 931 7ff689cabd75-7ff689cabd80 921->931 923->921 924->928 927->885 935 7ff689cabc75-7ff689cabc85 927->935 928->907 929->917 937 7ff689cabd82-7ff689cabd9b call 7ff689cab674 931->937 938 7ff689cabda7-7ff689cabdaf 931->938 935->885 946 7ff689cabda0-7ff689cabda2 937->946 942 7ff689cabdb1-7ff689cabdc3 938->942 943 7ff689cabe2b-7ff689cabe38 call 7ff689cab4b4 938->943 947 7ff689cabe1e-7ff689cabe26 942->947 948 7ff689cabdc5 942->948 943->946 946->917 947->917 950 7ff689cabdca-7ff689cabdd1 948->950 951 7ff689cabdd3-7ff689cabdd7 950->951 952 7ff689cabe0d-7ff689cabe18 950->952 953 7ff689cabdf3 951->953 954 7ff689cabdd9-7ff689cabde0 951->954 952->947 956 7ff689cabdf9-7ff689cabe09 953->956 954->953 955 7ff689cabde2-7ff689cabde6 954->955 955->953 957 7ff689cabde8-7ff689cabdf1 955->957 956->950 958 7ff689cabe0b 956->958 957->956 958->947
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: bd5e670e2ac73c9d5051395424effa1a9c5fa8f9f080fcfac4df12f3bd03b0fb
                                                                                                                                                                                            • Instruction ID: 3f72a22b849d9b6402793d72ff9babca6bf12c2ecc51c186332f9761ca7900c2
                                                                                                                                                                                            • Opcode Fuzzy Hash: bd5e670e2ac73c9d5051395424effa1a9c5fa8f9f080fcfac4df12f3bd03b0fb
                                                                                                                                                                                            • Instruction Fuzzy Hash: CDC1BBA2A08A86D2F6608F15D4442BD7AF0FFC1F82F554139EA4EA3795CE7EE845C700
                                                                                                                                                                                            Function 00007FF689C98570 Relevance: 10.6, APIs: 7, Instructions: 63COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 995526605-0
                                                                                                                                                                                            • Opcode ID: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                                                                                                                            • Instruction ID: 28701ed9ce54701274d438fcb52a5cfeca26686fb9303efda0fa12fe677725eb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c88e2159774aae00215e56fe2a2a719af09135261df6dbcfc7a62e4558c2eb4
                                                                                                                                                                                            • Instruction Fuzzy Hash: DC215E21A0C646C2EA108F56F54423AA7B4FFC5BA6F90023DEA6D87AE4DE7ED445C700
                                                                                                                                                                                            Function 00007FF689C990E0 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 64COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00007FF689C98570: GetCurrentProcess.KERNEL32 ref: 00007FF689C98590
                                                                                                                                                                                              • Part of subcall function 00007FF689C98570: OpenProcessToken.ADVAPI32 ref: 00007FF689C985A3
                                                                                                                                                                                              • Part of subcall function 00007FF689C98570: GetTokenInformation.KERNELBASE ref: 00007FF689C985C8
                                                                                                                                                                                              • Part of subcall function 00007FF689C98570: GetLastError.KERNEL32 ref: 00007FF689C985D2
                                                                                                                                                                                              • Part of subcall function 00007FF689C98570: GetTokenInformation.KERNELBASE ref: 00007FF689C98612
                                                                                                                                                                                              • Part of subcall function 00007FF689C98570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF689C9862E
                                                                                                                                                                                              • Part of subcall function 00007FF689C98570: CloseHandle.KERNEL32 ref: 00007FF689C98646
                                                                                                                                                                                            • LocalFree.KERNEL32(?,00007FF689C93C55), ref: 00007FF689C9916C
                                                                                                                                                                                            • LocalFree.KERNEL32(?,00007FF689C93C55), ref: 00007FF689C99175
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                            • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                            • API String ID: 6828938-1529539262
                                                                                                                                                                                            • Opcode ID: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
                                                                                                                                                                                            • Instruction ID: d9644b578c20ba55502e7c72a9cdd345cfede0da68b6ab45ddd09728e217c2d5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 71214F61A08642C2FB509F11E8153EA7274FF88B86F844039EA4DC7B96DF3ED905C740
                                                                                                                                                                                            Function 00007FF689C97E20 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CreateDirectoryW.KERNELBASE(00000000,?,00007FF689C9352C,?,00000000,00007FF689C93F1B), ref: 00007FF689C97F32
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CreateDirectory
                                                                                                                                                                                            • String ID: %.*s$%s%c$\
                                                                                                                                                                                            • API String ID: 4241100979-1685191245
                                                                                                                                                                                            • Opcode ID: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
                                                                                                                                                                                            • Instruction ID: addbbed209b1e3d27abbdaf5f6f186f61d7c134dc2298facc37721cb1f0759af
                                                                                                                                                                                            • Opcode Fuzzy Hash: 302ffdc47f1f131389ecc473fe7ae023bae846d875cccfc6523225b15fd92315
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2431A561719AC1C9EA219F21E8507AA6274FF84FE9F440239EA6D87BC9DE2DD605C700
                                                                                                                                                                                            Function 00007FF689CACF60 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF689CACF4B), ref: 00007FF689CAD07C
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF689CACF4B), ref: 00007FF689CAD107
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleErrorLastMode
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 953036326-0
                                                                                                                                                                                            • Opcode ID: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                                                                                                                            • Instruction ID: 34a27dab844d8d8a6e95b65a5ca84b138cdfe6c711d0bfcd8a7882a3df8e36e7
                                                                                                                                                                                            • Opcode Fuzzy Hash: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                                                                                                                            • Instruction Fuzzy Hash: D0919CB2E18652C9F7609F65D8402BD2AF0BF54F9AF54413DDE0EA6A85DF3AD442C700
                                                                                                                                                                                            Function 00007FF689CAF98C Relevance: 6.2, APIs: 4, Instructions: 162COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _get_daylight$_isindst
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4170891091-0
                                                                                                                                                                                            • Opcode ID: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                                                                                                                            • Instruction ID: 35073814e636c90d2404c38ba27cced4a17dfb1c91526e3b702e0f08fbe776e4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                                                                                                                            • Instruction Fuzzy Hash: B751F4B2F05211CBEB14CF64E9556BC6BB1BF44B6AF50123DDD1EA2AE5DF39A402C600
                                                                                                                                                                                            Function 00007FF689CA577C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2780335769-0
                                                                                                                                                                                            • Opcode ID: f2931e55a17fed7c801103cab28c1f7fd047901bf7fa79ea6702d423310ad099
                                                                                                                                                                                            • Instruction ID: a5b248dea682ab9951b47ac04231ecd2c3741e0809624ea1e11c9150a59c2e57
                                                                                                                                                                                            • Opcode Fuzzy Hash: f2931e55a17fed7c801103cab28c1f7fd047901bf7fa79ea6702d423310ad099
                                                                                                                                                                                            • Instruction Fuzzy Hash: E95149A2E08681CAEB10CFB1D4503BD27F2BF48BA9F158539DA0DAB689DF39D441C740
                                                                                                                                                                                            Function 00007FF689CA5628 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1279662727-0
                                                                                                                                                                                            • Opcode ID: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
                                                                                                                                                                                            • Instruction ID: 6b56fc4c4fd3b7f85aab10197497bf2601f6323841a0cdb4ae69cbeb3ea0e7bc
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8f3d5377b4ca72f71b0fe910297a4b2920b1cd85568e136600ee028e7f718979
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E4182A2E28781C7E6508F20D51036D76B1FF94BA5F109339E65C93AD5DF7DA5A0C700
                                                                                                                                                                                            Function 00007FF689C9CC3C Relevance: 4.6, APIs: 3, Instructions: 94COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3251591375-0
                                                                                                                                                                                            • Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                                                                                                                            • Instruction ID: 774d890bd184a8b295b71d5c67383b3d6a0dcaf2a33ffff1d51027d13ef3dd5e
                                                                                                                                                                                            • Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                                                                                                                            • Instruction Fuzzy Hash: BF313D21E88147C5FA64AF64D8523B926B1BF81F8EF44543CE94ED76D3DE2FA804C211
                                                                                                                                                                                            Function 00007FF689CA013C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                            • Instruction ID: 3fbf8f77e11e10e722a0e7db1abc9d62a592163bdc0bde74152d2fdb394569a0
                                                                                                                                                                                            • Opcode Fuzzy Hash: e80cfa20b6c7ebf2f27a6dba6ddb06cb01cda21135ba71ef9e2cf3b7629ca058
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A51E9A1B0A241C6E764DE25D4006BA65F1BF86FE6F184738DE6EA37C5CE3ED401C600
                                                                                                                                                                                            Function 00007FF689CAC134 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2976181284-0
                                                                                                                                                                                            • Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                                                                                                                            • Instruction ID: 7f652fb649ca2fc72aab7cea813a1c490e4697f9216543ecc642c7ef2d5bfa16
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A11BBA2708A8185DA208B25E810069B2B1BF95FF1F540339EA7D9B7E8CE3DD011C700
                                                                                                                                                                                            Function 00007FF689CA5924 Relevance: 3.0, APIs: 2, Instructions: 40timeCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF689CA5839), ref: 00007FF689CA5957
                                                                                                                                                                                            • SystemTimeToTzSpecificLocalTime.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF689CA5839), ref: 00007FF689CA596D
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Time$System$FileLocalSpecific
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1707611234-0
                                                                                                                                                                                            • Opcode ID: 497c6f3b45805196ef8f930e068bad9451f3f50de380bc241881b145e929bf5b
                                                                                                                                                                                            • Instruction ID: fa0952ba24703e219d85766a184a0f7c95e8d715d8964fbadf24e779fbf46ca5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 497c6f3b45805196ef8f930e068bad9451f3f50de380bc241881b145e929bf5b
                                                                                                                                                                                            • Instruction Fuzzy Hash: A1118C62A0C682C2EA548F25E41113EB7B1FF85B72F50023AFA9DC59D8EF2ED415DB00
                                                                                                                                                                                            Function 00007FF689CAA948 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RtlFreeHeap.NTDLL(?,?,?,00007FF689CB2D22,?,?,?,00007FF689CB2D5F,?,?,00000000,00007FF689CB3225,?,?,?,00007FF689CB3157), ref: 00007FF689CAA95E
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF689CB2D22,?,?,?,00007FF689CB2D5F,?,?,00000000,00007FF689CB3225,?,?,?,00007FF689CB3157), ref: 00007FF689CAA968
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFreeHeapLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 485612231-0
                                                                                                                                                                                            • Opcode ID: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
                                                                                                                                                                                            • Instruction ID: 892372e735fd71cb12666b43a5ed62f386bc6fe5f1f0fbbae9717962e0e7a4ec
                                                                                                                                                                                            • Opcode Fuzzy Hash: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
                                                                                                                                                                                            • Instruction Fuzzy Hash: 33E04F90F09202C2FE086FB2E84513816B17FC8F83F440038C80DD2292EE2D6841C210
                                                                                                                                                                                            Function 00007FF689CAAB58 Relevance: 2.6, APIs: 2, Instructions: 59COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CloseHandle.KERNELBASE(?,?,?,00007FF689CAA9D5,?,?,00000000,00007FF689CAAA8A), ref: 00007FF689CAABC6
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF689CAA9D5,?,?,00000000,00007FF689CAAA8A), ref: 00007FF689CAABD0
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseErrorHandleLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 918212764-0
                                                                                                                                                                                            • Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                                                                                                                            • Instruction ID: b450bdfa7be2bcd8df831db3def297281de45c5ac0685d56ab9633c6677d1c48
                                                                                                                                                                                            • Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                                                                                                                            • Instruction Fuzzy Hash: F42150B1B1868282FA949B51E45027926F3BF84FD6F04423DE92ED77D5CE6EA881C300
                                                                                                                                                                                            Function 00007FF689CABEAC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: cbeb3b5568c01fe22c816fd393b22aefbfa64644ae8ce1fe3b0dc090283c3b2e
                                                                                                                                                                                            • Instruction ID: e0f54e3ab8bf5b28eab8336733324e10e7e8b4091c35ee922357fedbead0344c
                                                                                                                                                                                            • Opcode Fuzzy Hash: cbeb3b5568c01fe22c816fd393b22aefbfa64644ae8ce1fe3b0dc090283c3b2e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6341B172908241C7EA648E29E9402797BF0FF95F82F141139E68ED36D1CF2EE402CB50
                                                                                                                                                                                            Function 00007FF689C97F90 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _fread_nolock
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 840049012-0
                                                                                                                                                                                            • Opcode ID: 450e6ba6509814850f3d50d55481b616261610bd67d5020dacef3c1ece41cf35
                                                                                                                                                                                            • Instruction ID: 9ee80099daf9d719c76cbffc6aefc153b0c20dcba69f0e3de1f306cf84c85695
                                                                                                                                                                                            • Opcode Fuzzy Hash: 450e6ba6509814850f3d50d55481b616261610bd67d5020dacef3c1ece41cf35
                                                                                                                                                                                            • Instruction Fuzzy Hash: AB218021B18652C6EA509F23E9043BA96B1BF45FD9FC86438EE0D97786CE7FE041C200
                                                                                                                                                                                            Function 00007FF689CAB93C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                                                                                                                            • Instruction ID: a705afd3f4464278e5f8213ac8471f2c411b022b6a522af1c67c48e2c5ab9b87
                                                                                                                                                                                            • Opcode Fuzzy Hash: c2d01373d3233558d420055387ebca2c39d1ce99b2c1a08127fa32cb0ba5fec2
                                                                                                                                                                                            • Instruction Fuzzy Hash: 36316DB2A18652C6E7116F66D84137C2AF0BF84FA2F41013DE91DA73D2DE7EA841C711
                                                                                                                                                                                            Function 00007FF689CA5F94 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                            • Instruction ID: b5d8e858a59f724bee502cf5e7f74f162905574bb7b6e826760efc753e3c7276
                                                                                                                                                                                            • Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 48114FB1A1C681C2EA609F51D80017DA2F5BF85FC6F448439EA8CA7A96DF3FD400D740
                                                                                                                                                                                            Function 00007FF689CB6354 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
                                                                                                                                                                                            • Instruction ID: 0125461a2462ae43a02442b260ab7e93cb2b40bc035d2553ae4522bab5670fc1
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
                                                                                                                                                                                            • Instruction Fuzzy Hash: 74215072A18A41C6EB618F18D54037976B0FF84FA6F544238E65D876D9DF3ED411CB00
                                                                                                                                                                                            Function 00007FF689CA03BC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                            • Instruction ID: cf710ec3289ca87352305453495e04253d73b2e310afb88b4d5b69b1e22cbf54
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                            • Instruction Fuzzy Hash: ED01C8A1A08745C1E504DF52D9000B9A6F1BF86FE1F484639DE5DA7BE6CE3DD401D710
                                                                                                                                                                                            Function 00007FF689CAEB98 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • HeapAlloc.KERNEL32(?,?,00000000,00007FF689CAB32A,?,?,?,00007FF689CA4F11,?,?,?,?,00007FF689CAA48A), ref: 00007FF689CAEBED
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                                            • Opcode ID: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
                                                                                                                                                                                            • Instruction ID: 248e5f6b817f3b5589f0c2a6ed8a8c4f2f9c767096c74eb755868b3e62da5981
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0190c006dd090f1dc8136ef035d08a675b61e1fdbed98732a32380f018d60316
                                                                                                                                                                                            • Instruction Fuzzy Hash: 98F06D94F09202C0FE586E65E8592B812F07F88F82F4C4538C90FE73C2ED2EE480C264
                                                                                                                                                                                            Function 00007FF689CAD5FC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • HeapAlloc.KERNEL32(?,?,?,00007FF689CA0C90,?,?,?,00007FF689CA22FA,?,?,?,?,?,00007FF689CA3AE9), ref: 00007FF689CAD63A
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                                            • Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                                                                                                                            • Instruction ID: 6e55bc7ff23c525e9272a6e4af54fa85fbb28137dee8b4549c74ca2447f09a97
                                                                                                                                                                                            • Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                                                                                                                            • Instruction Fuzzy Hash: CDF0DA90E19246C9FE545E61D9416B511F46F84FA3F080B38D92ED6AC2DD2EA480C610

                                                                                                                                                                                            Non-executed Functions

                                                                                                                                                                                            Function 00007FF689C976C0 Relevance: 177.1, APIs: 66, Strings: 35, Instructions: 314libraryloaderCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressErrorLastProc
                                                                                                                                                                                            • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                            • API String ID: 199729137-3427451314
                                                                                                                                                                                            • Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                                                                                                                            • Instruction ID: baf2a1d7ae0b5c6388df525c333536702a85860a0896486bf766a6fa120807cb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1902A3A4A4EB07D5EA199F55F8105B436B1BF48F4BF84103DD82E826A0EF3EB54AC310
                                                                                                                                                                                            Function 00007FF689CB40AC Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1226COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
                                                                                                                                                                                            • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                            • API String ID: 808467561-2761157908
                                                                                                                                                                                            • Opcode ID: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                                                                                                                            • Instruction ID: 81265e542af602b8341c33b74a2cfca64edb2557c1ed4fcf86146a01437a5ffc
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7da0388417e7c773b0aab48e07e342724827a26e5879d16e5decf6c79e081c8c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6FB2BF72E1C292CBE7658E64D4407FD77B1FF54B8AF505139DA0A97A88DF3AA900CB40
                                                                                                                                                                                            Function 00007FF689C983C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,00007FF689C98919,00007FF689C93F9D), ref: 00007FF689C9842B
                                                                                                                                                                                            • RemoveDirectoryW.KERNEL32(?,00007FF689C98919,00007FF689C93F9D), ref: 00007FF689C984AE
                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,00007FF689C98919,00007FF689C93F9D), ref: 00007FF689C984CD
                                                                                                                                                                                            • FindNextFileW.KERNEL32(?,00007FF689C98919,00007FF689C93F9D), ref: 00007FF689C984DB
                                                                                                                                                                                            • FindClose.KERNEL32(?,00007FF689C98919,00007FF689C93F9D), ref: 00007FF689C984EC
                                                                                                                                                                                            • RemoveDirectoryW.KERNEL32(?,00007FF689C98919,00007FF689C93F9D), ref: 00007FF689C984F5
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                            • String ID: %s\*
                                                                                                                                                                                            • API String ID: 1057558799-766152087
                                                                                                                                                                                            • Opcode ID: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                                                            • Instruction ID: cdd38bf595d72c418602dabc0bfd2f6e667d826eff70c1ecad87738562ae56ad
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                                                            • Instruction Fuzzy Hash: 22417321A0C942D5EA209F65E4542BA7370FF94F5AF80023AE99EC36D4EF3EE549C740
                                                                                                                                                                                            Function 00007FF689C9ACAD Relevance: 12.0, Strings: 9, Instructions: 744COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: invalid bit length repeat$invalid code -- missing end-of-block$invalid code lengths set$invalid distance code$invalid distance too far back$invalid distances set$invalid literal/length code$invalid literal/lengths set$too many length or distance symbols
                                                                                                                                                                                            • API String ID: 0-2665694366
                                                                                                                                                                                            • Opcode ID: 14409f6b5173d9f28888b9fb9c68bcc2b54b8e7def706e6c40ef53002486e1ba
                                                                                                                                                                                            • Instruction ID: 44a61360e2b550b997ecfc668a30367aa3f5627ac5b282e9876c07eff09406e7
                                                                                                                                                                                            • Opcode Fuzzy Hash: 14409f6b5173d9f28888b9fb9c68bcc2b54b8e7def706e6c40ef53002486e1ba
                                                                                                                                                                                            • Instruction Fuzzy Hash: DD52B172A146A68BE7A48F14D458B7E3BB9FF84B45F01413DE64A87780DF3AE944CB40
                                                                                                                                                                                            Function 00007FF689C9D12C Relevance: 10.6, APIs: 7, Instructions: 71COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3140674995-0
                                                                                                                                                                                            • Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                                                                                                                            • Instruction ID: 5a0d87fd688d6d674554487182397f23cd29f0e5fee8f54979f9a218d8979c18
                                                                                                                                                                                            • Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                                                                                                                            • Instruction Fuzzy Hash: D7312172608B85C6EB648F60E8403ED7774FB84B49F44403ADA4E97B96DF39D548C710
                                                                                                                                                                                            Function 00007FF689CAA614 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                                            • Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                                                                                                                            • Instruction ID: e326e65d153ce9fb5a80dda053e3152fc9ea7fa027531a121acc0e2f7f155396
                                                                                                                                                                                            • Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                                                                                                                            • Instruction Fuzzy Hash: 59315E36608B81CADB608F25E8402AE77B4FF88B99F540139EA9D83B59DF3DC545CB00
                                                                                                                                                                                            Function 00007FF689CB1874 Relevance: 7.8, APIs: 5, Instructions: 282COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2227656907-0
                                                                                                                                                                                            • Opcode ID: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
                                                                                                                                                                                            • Instruction ID: 7c95b0acc83b6ecadf691551a808a30cbbf0563ce4e1fb2a1290e8064548cd6a
                                                                                                                                                                                            • Opcode Fuzzy Hash: ee5daded1920a45b930385d49f4c9fb7106de6f00b6358014c2482279c1420ad
                                                                                                                                                                                            • Instruction Fuzzy Hash: 34B1C062B18692C1EA609F22D4102B973B1FF44FE6F445139EA5D97BC9EE3EE541C300
                                                                                                                                                                                            Function 00007FF689C9D010 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                                            • Opcode ID: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                                                                                                                            • Instruction ID: b5ec8bfb1db239f28345b9084d8721dd59bc85279a9382ddf70c4b43cd8c4bf2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                                                                                                                            • Instruction Fuzzy Hash: BB114822B14B06CAEB008F60E8442A933B4FB59B59F440E39EA2D86BA4DF38D554C380
                                                                                                                                                                                            Function 00007FF689CB3C10 Relevance: 4.8, APIs: 3, Instructions: 340COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: memcpy_s
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1502251526-0
                                                                                                                                                                                            • Opcode ID: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                            • Instruction ID: c03e2f4066ac735a24bd0840ebc819aecde2c1e3a476d258d5789e23179afd42
                                                                                                                                                                                            • Opcode Fuzzy Hash: 723df14fe8405c9280d13974b9e0b256372cd2939c4def8ecbac686ef57d643c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 36C1A272B1D68687E7248F59E04466AB7B1FB98B85F458139DB4A83784DE3EE801CB40
                                                                                                                                                                                            Function 00007FF689C9A47B Relevance: 4.1, Strings: 3, Instructions: 397COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: $header crc mismatch$unknown header flags set
                                                                                                                                                                                            • API String ID: 0-1127688429
                                                                                                                                                                                            • Opcode ID: e32b299fc273864699ec3bddfbf8fc958dab4a7742ffdf8f0166f3b43fcc42d1
                                                                                                                                                                                            • Instruction ID: 32a26c0cfae9be514966527293328b0b67611f40ce74555f3e1809f1baf801a8
                                                                                                                                                                                            • Opcode Fuzzy Hash: e32b299fc273864699ec3bddfbf8fc958dab4a7742ffdf8f0166f3b43fcc42d1
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8BF16E72A187D5CBE7A58F19C088A3A3AB9FF44B49F06453CDA4987790DF3AE941C740
                                                                                                                                                                                            Function 00007FF689CB9728 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionRaise_clrfp
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 15204871-0
                                                                                                                                                                                            • Opcode ID: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
                                                                                                                                                                                            • Instruction ID: 87eb8ac909377428171b31ccc9b5f8926a8d04a25693afdc1b860ee5acf85c2b
                                                                                                                                                                                            • Opcode Fuzzy Hash: a4cc0e8a2f7e024105bf8074fef1866164229a93701b52dcf00f6f20498becf3
                                                                                                                                                                                            • Instruction Fuzzy Hash: 46B11777A04B89CBEB958F29C8463687BB0FB44F49F158929DA5D837A4CF3AD451C700
                                                                                                                                                                                            Function 00007FF689CA39A4 Relevance: 2.8, Strings: 2, Instructions: 350COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: $
                                                                                                                                                                                            • API String ID: 0-227171996
                                                                                                                                                                                            • Opcode ID: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
                                                                                                                                                                                            • Instruction ID: 9bfc76ff51b3df499fca12fec53baecd0d818b837204632c8af978b76495a05f
                                                                                                                                                                                            • Opcode Fuzzy Hash: e57f1980f4491aea9eb328a1e81193c2bccc9a7e68d1918bb9b7207cf9600634
                                                                                                                                                                                            • Instruction Fuzzy Hash: D1E1B1B2A08656C6EB689E65D06013933F0FF44F89F24423DDA0EA76D4DF2BE941C340
                                                                                                                                                                                            Function 00007FF689C9A2DB Relevance: 2.7, Strings: 2, Instructions: 218COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: incorrect header check$invalid window size
                                                                                                                                                                                            • API String ID: 0-900081337
                                                                                                                                                                                            • Opcode ID: e8ec78490181e4ccec650f854842bb3e08bcfae3bf2db5596c2af0d8e2ff5899
                                                                                                                                                                                            • Instruction ID: 408012a7a927717691cc116afb2ee5453e69e79d376386d2a57de5eeebfe1f74
                                                                                                                                                                                            • Opcode Fuzzy Hash: e8ec78490181e4ccec650f854842bb3e08bcfae3bf2db5596c2af0d8e2ff5899
                                                                                                                                                                                            • Instruction Fuzzy Hash: 40917372A18286CBE7A48F19D448B3E3AB9FF44B59F12413DDA4A86690CF39E540CB40
                                                                                                                                                                                            Function 00007FF689CADEF0 Relevance: 2.6, Strings: 2, Instructions: 144COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: e+000$gfff
                                                                                                                                                                                            • API String ID: 0-3030954782
                                                                                                                                                                                            • Opcode ID: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
                                                                                                                                                                                            • Instruction ID: f6d57e5edfdfebafb78d910561d3715946f47ec0abea1e1ad16cbbebc64b20a0
                                                                                                                                                                                            • Opcode Fuzzy Hash: c8a24eaff8c968987b4d031b15ae93849e98bcf9eddb8930961e84febef9b5bc
                                                                                                                                                                                            • Instruction Fuzzy Hash: 065124A2B182C586E7258E35D80076ABBF1FB44F95F488239CB988BAD5CE3ED445C701
                                                                                                                                                                                            Function 00007FF689CB08C8 Relevance: 2.0, APIs: 1, Instructions: 461COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentFeaturePresentProcessProcessor
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1010374628-0
                                                                                                                                                                                            • Opcode ID: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
                                                                                                                                                                                            • Instruction ID: d7be0150a461a566cf7befaade6a28298c4096b8d63d4b7f7e148a22df62ad7a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 537422541fbed36a77ddee3a41e978a3695e14332b64c7d8d0a2d6c09592a1ae
                                                                                                                                                                                            • Instruction Fuzzy Hash: F7024821A1D656C1FA55EF22D45027936B0BF41FA2F45863CED6EE63DADE3EA401C300
                                                                                                                                                                                            Function 00007FF689CADA5C Relevance: 1.5, Strings: 1, Instructions: 254COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: gfffffff
                                                                                                                                                                                            • API String ID: 0-1523873471
                                                                                                                                                                                            • Opcode ID: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                            • Instruction ID: 5aa394448512910574538011ef410c4812e6866d6c61709c32c062d8f1f4de02
                                                                                                                                                                                            • Opcode Fuzzy Hash: bcab6200947a377332474fa44b4677218d40dcace4b26705986274372b0e4f91
                                                                                                                                                                                            • Instruction Fuzzy Hash: 81A124A2A0878A86EB21CF25E4007AA7BF1BF55F84F458136DA8D97BC5DE3ED501C701
                                                                                                                                                                                            Function 00007FF689CA8794 Relevance: 1.4, Strings: 1, Instructions: 177COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: TMP
                                                                                                                                                                                            • API String ID: 3215553584-3125297090
                                                                                                                                                                                            • Opcode ID: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
                                                                                                                                                                                            • Instruction ID: bb02bd7dd3a4890e449bb3d7df7b764885c8f02a17d7d50d34d0bb35cf713ad5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 09cdd7cf7fc9e7e425d724a32e8c9d3bd5c12dba7606eca5b930980d9b4d1239
                                                                                                                                                                                            • Instruction Fuzzy Hash: EB5170A1B08602C3EA54AE27E91117A52F1BF44FD6F58443CDE1EE7796EE3EE445C200
                                                                                                                                                                                            Function 00007FF689CB3480 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: HeapProcess
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 54951025-0
                                                                                                                                                                                            • Opcode ID: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
                                                                                                                                                                                            • Instruction ID: 9c2aa6b838c52e5a9c93765cd301b5c706f5df11f8cfc263cd01f16f2c45ff75
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1f9e0516fd534d967cb731c121838b59470578846d262458ea046ba55ab40ebf
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2BB09220E07A02C2FA082F21AC8621822B87F88B02F98013CC00C80332DE2D20E59701
                                                                                                                                                                                            Function 00007FF689CA35A0 Relevance: .3, Instructions: 327COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
                                                                                                                                                                                            • Instruction ID: d0bf9e07e075585237d91b82a512634061855ea24fa583a80b807101de47c0be
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5eca4e5ff3e7205525bf20f3b63783aa462e3e7adb0228d62bb7e98ab9f5e9bb
                                                                                                                                                                                            • Instruction Fuzzy Hash: 7AD1BDA2A08642CAEB688E29D56427D27F0BF05F59F24423DCE0DA77D5DF2BE845C740
                                                                                                                                                                                            Function 00007FF689C99800 Relevance: .3, Instructions: 287COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
                                                                                                                                                                                            • Instruction ID: 800dacaaf8fd33e62444dce91853fc1f8dd90c56b9a5338eba830e853ef280f2
                                                                                                                                                                                            • Opcode Fuzzy Hash: e75d751cc15dfd510e55d83c6141b0e8cb11d18cbed01e0c543b372a0114c593
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5DC18E762181E0CBD289EB29E46947A73E1FB8930EB95406BEF87477C5CB3CA514DB10
                                                                                                                                                                                            Function 00007FF689CA2C10 Relevance: .2, Instructions: 241COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
                                                                                                                                                                                            • Instruction ID: 9690aa377d418308d6a1083fb98b5082670740ac27bdd6e2be8e6f3e63c36d06
                                                                                                                                                                                            • Opcode Fuzzy Hash: aa73bfa000bc8cd66a05f12d530b76a597660d7bda6a6781f52cf2f49ffced0b
                                                                                                                                                                                            • Instruction Fuzzy Hash: CFB14CB2A086A5C6E7648F29C45467C3BF0FB49F8AF244139CA4EA7395CF3AD481C744
                                                                                                                                                                                            Function 00007FF689CAE570 Relevance: .2, Instructions: 198COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
                                                                                                                                                                                            • Instruction ID: c94a9e0969b7d87f2af9c8d2a79bc101c9e93ba0d3f44e0aae0b957987a3455d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9611c2e0762efa78d7f6da3d8515592aa8d86601c49200b7335873453b670326
                                                                                                                                                                                            • Instruction Fuzzy Hash: EA81C2B2A0878186E774CF19E45436E6AF1FF85B94F104639DA9D93B89DE3EE400CB40
                                                                                                                                                                                            Function 00007FF689CB6418 Relevance: .2, Instructions: 183COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: c4c9f5a32dfdae123a950871ad542e5144b1bba19a2b1a1cf20ca827a7dd530f
                                                                                                                                                                                            • Instruction ID: 559f4b336fa506c27f716d8d958715b6ba743316b2cc0589e718737b6b81c2cb
                                                                                                                                                                                            • Opcode Fuzzy Hash: c4c9f5a32dfdae123a950871ad542e5144b1bba19a2b1a1cf20ca827a7dd530f
                                                                                                                                                                                            • Instruction Fuzzy Hash: F761AE62E08692C6EB648E68D65467976B0BF40F72F14423DF61EC2AD5DE7FE804CB00
                                                                                                                                                                                            Function 00007FF689CA1944 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                            • Instruction ID: a02d483b197601a07e1a009f7564bc2fcb2fbb5b5d52fedb467714311d6b4abf
                                                                                                                                                                                            • Opcode Fuzzy Hash: 68a3f5aab59b2fac328bd6ba34d5b1cd1fa94c6914f84dc4a79da3b9d8ff9a98
                                                                                                                                                                                            • Instruction Fuzzy Hash: A0515AB6B18651C6E7248E29D04022827F0FF49F69F244139CA8DA77A4DF2BED43C740
                                                                                                                                                                                            Function 00007FF689CA2164 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                            • Instruction ID: 5aa7fe04fa8d39890da03e2d3b5d8abad88429078a52282b586917148cae98e6
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e69dfdcc94a0aa650623f7423aa354004c1f2fa01d5c1268249020d4c21f447
                                                                                                                                                                                            • Instruction Fuzzy Hash: D4513DB6A18661C6EB248F29C44063827F1FF59F69F244239CA4DA7795CF2BE843C740
                                                                                                                                                                                            Function 00007FF689CA1D54 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                            • Instruction ID: bf8a744f413736eea8daeab6d7ae211754d2138cc84c033b90755dc4d2d0b152
                                                                                                                                                                                            • Opcode Fuzzy Hash: 27099d1c67046ba5536a5c52bb1b19252402c8bb4a5167aa336477e7b6d5f807
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4F515DB6B28651C6E7658F29C04422823F1FF45FA9F244139DA8DA7794CF3BE852C740
                                                                                                                                                                                            Function 00007FF689CA1B50 Relevance: .1, Instructions: 145COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                                                            • Instruction ID: ffc72d1d5c346f6c017790e80d504c916f4397f27ecbe9a9e1766621eee35aea
                                                                                                                                                                                            • Opcode Fuzzy Hash: dc981bf603441a130e1c6ba5e96f77be0c3c60e19ec03e3d560a09712d731568
                                                                                                                                                                                            • Instruction Fuzzy Hash: 48516DB6B18A51C6E7258F29D04422827F1FF49F59F245139CA4DA7794DF3BE842C740
                                                                                                                                                                                            Function 00007FF689CA1740 Relevance: .1, Instructions: 145COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                                                            • Instruction ID: 85ef4f5e69957f91679d5b1baa9de2864ccbce6ed70ac14f7ccc1515151bb8f0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3943df286285c50b07f09d339b53caaa0afa34ddfac4fad96d8a3f7ffd6ad23b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 605138B6B28651C6E7248E29C05422827F1FF45F69F295139CA4DA7798CF2BED42C780
                                                                                                                                                                                            Function 00007FF689CA1F60 Relevance: .1, Instructions: 145COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                                                            • Instruction ID: a88a231d08f825330f1602039d178f2603d448d0e0132eb0b62a2c7d29b8d9f4
                                                                                                                                                                                            • Opcode Fuzzy Hash: e734bc54909bdf7d9c6fd1772be64da5dc64d4f5bf3044a39ac3ba7850561882
                                                                                                                                                                                            • Instruction Fuzzy Hash: 10516AB6B286A1C6E7248F29C44062827F1FF44F59F644139CA4DA77A9CF3BE842C740
                                                                                                                                                                                            Function 00007FF689CA5D30 Relevance: .1, Instructions: 138COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                            • Instruction ID: 4369048d4e8b6dc16202534a1512e184a5236a193e05a94f2ec162a7a5457341
                                                                                                                                                                                            • Opcode Fuzzy Hash: dde3b7cfbcf26fc8d7513faefc9a59c4b8821272907dfbb35b6db6355186da00
                                                                                                                                                                                            • Instruction Fuzzy Hash: C34151E2C197CA85F9998D1886086BC26F2BF12FA2D58D27CDD99B73D7CD0F6946C100
                                                                                                                                                                                            Function 00007FF689CA9EA0 Relevance: .1, Instructions: 126COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFreeHeapLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 485612231-0
                                                                                                                                                                                            • Opcode ID: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
                                                                                                                                                                                            • Instruction ID: c5f4c1a1e9fc35bbdc3c372d0c8c16c05e8be4f76b7ebea773fd17529baee742
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c7003d4bfacf113f63307708dabd17e5ede6cda44dccf6aa27d02a6b9ea0481
                                                                                                                                                                                            • Instruction Fuzzy Hash: F341E262714A55C2EF44CF2AD954169B7B2BB48FD4B49903AEE0DD7B58DE3ED442C300
                                                                                                                                                                                            Function 00007FF689CA80E4 Relevance: .1, Instructions: 98COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
                                                                                                                                                                                            • Instruction ID: 4844a414b9f36b42fdea6a80764ece9d34e0787533c82a6ce80a7e787fbe3d9b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2b8cddb4ee5dd57f1c7573491c8f445712dd312cb7e9e547cfd0f9c072f4c0c7
                                                                                                                                                                                            • Instruction Fuzzy Hash: D0319172A08B4282E6649F26A84013D7AF5BF84F91F14423CEA5EA3B95DF3DD002C704
                                                                                                                                                                                            Function 00007FF689CB9570 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
                                                                                                                                                                                            • Instruction ID: 9e585bf19601c608e87ce95fa62c38d03cf13d3385ab6d17ac8d118f0eba1fe5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5d3ac10822f6242d2b374fc0e1218152d8e80c351f0dfcd4fab21387456caa74
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3AF044717582968AEB988F6DE40262977F0FF48785F40803DD589C3B14DE3D9052CF04
                                                                                                                                                                                            Function 00007FF689C9D30C Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                            • Opcode ID: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
                                                                                                                                                                                            • Instruction ID: 15b9de3188f05e97a7e7eab041e96fced9c89bfe70957c0ac68a6fe1667d9c7d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3c3909751b2697c6481bc0460501d6177e5cf72f77169ad8285d6e0cd944102a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1FA0012190C84AE4E6488F00E9900292630BF98B06B800039E10EA14A2DE2EA404D201
                                                                                                                                                                                            Function 00007FF689C95830 Relevance: 229.6, APIs: 86, Strings: 45, Instructions: 400libraryloaderCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C95840
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C95852
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C95889
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C9589B
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C958B4
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C958C6
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C958DF
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C958F1
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C9590D
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C9591F
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C9593B
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C9594D
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C95969
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C9597B
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C95997
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C959A9
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C959C5
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C959D7
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressErrorLastProc
                                                                                                                                                                                            • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                            • API String ID: 199729137-653951865
                                                                                                                                                                                            • Opcode ID: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                                                                                                                            • Instruction ID: 437edbb8a5f6133e4633eb7f1728bfa640da6d2cc066de4c25e8e14752fe2ade
                                                                                                                                                                                            • Opcode Fuzzy Hash: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                                                                                                                            • Instruction Fuzzy Hash: BA2290A4A8DB4BD2FA159F5AFC545B432B0BF45F8BB84143DC81E82264EF3EA549C310
                                                                                                                                                                                            Function 00007FF689C981D0 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 117COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00007FF689C99390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF689C945F4,00000000,00007FF689C91985), ref: 00007FF689C993C9
                                                                                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(?,00007FF689C986B7,?,?,00000000,00007FF689C93CBB), ref: 00007FF689C9822C
                                                                                                                                                                                              • Part of subcall function 00007FF689C92810: MessageBoxW.USER32 ref: 00007FF689C928EA
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                            • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                            • API String ID: 1662231829-930877121
                                                                                                                                                                                            • Opcode ID: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
                                                                                                                                                                                            • Instruction ID: fa047b5dd2f7120de066632d1fd754e4727c550c52d8f317564a6b48931f0153
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9187bed43bf71c5340eadf58a1920dd2feb36a2730cc38c17813087cef3183ed
                                                                                                                                                                                            • Instruction Fuzzy Hash: E0519551A2DA42C1FB509F26E8512BA62B0BF94F8AF44443DDA4EC76D6EF3EE504C740
                                                                                                                                                                                            Function 00007FF689C92180 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                            • String ID: P%
                                                                                                                                                                                            • API String ID: 2147705588-2959514604
                                                                                                                                                                                            • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                            • Instruction ID: 2ccaf97f91c298483e3e7c6e1f7f6fa0fd3f7bb9963a56a796fde13d1ab81640
                                                                                                                                                                                            • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                            • Instruction Fuzzy Hash: EC512826614BA1C6D6349F22E4181BABBB1FB98B66F004125EFCE83694DF3CD045DB10
                                                                                                                                                                                            Function 00007FF689C980C0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 67COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                            • String ID: Needs to remove its temporary files.
                                                                                                                                                                                            • API String ID: 3975851968-2863640275
                                                                                                                                                                                            • Opcode ID: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                                                                                                                            • Instruction ID: b7aacb4fe4ae18721572f801f717d586ace5caed9da30a9e39bb6b59e1cddd66
                                                                                                                                                                                            • Opcode Fuzzy Hash: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                                                                                                                            • Instruction Fuzzy Hash: 92217F21B08A82C2EB458F7AE8441797670FF88F9AF585239DA2DC33D8DE2DD591C210
                                                                                                                                                                                            Function 00007FF689CA6290 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 494COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: -$:$f$p$p
                                                                                                                                                                                            • API String ID: 3215553584-2013873522
                                                                                                                                                                                            • Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                            • Instruction ID: bf47fc37fc99b1c2829b2954107205336d7a45f973d26db7837d63566687fd12
                                                                                                                                                                                            • Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                            • Instruction Fuzzy Hash: 611290A2E08243C6FB209E25D2546B976F1FF50F56F844139F689A66C4DF3EE980CB14
                                                                                                                                                                                            Function 00007FF689CA0FC8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: f$f$p$p$f
                                                                                                                                                                                            • API String ID: 3215553584-1325933183
                                                                                                                                                                                            • Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                            • Instruction ID: 3b8942f915bd9ef882bfacf70dc4415024721c8cc4f329af52f35deaab6d5a83
                                                                                                                                                                                            • Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                            • Instruction Fuzzy Hash: 841284A2F0D143C6FB205E14E4546BA76F2FF50B56F884039D69AA69C4DF7EE480CB14
                                                                                                                                                                                            Function 00007FF689C91050 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 119COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcess
                                                                                                                                                                                            • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                            • API String ID: 2050909247-3659356012
                                                                                                                                                                                            • Opcode ID: 51ed2069dcc77bc9e1fc174e345b607b152f4ecc3aa0b3ffe6b3f57d60af99b5
                                                                                                                                                                                            • Instruction ID: 6038e6fef1b8f354aa17f708f137e34c8a881f68763a8763ff4fc8039e5ead33
                                                                                                                                                                                            • Opcode Fuzzy Hash: 51ed2069dcc77bc9e1fc174e345b607b152f4ecc3aa0b3ffe6b3f57d60af99b5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 84419E62B08652D2EA10DF12E8016BA67B4BF84FCAF84443AED4D97796DE3EE501C740
                                                                                                                                                                                            Function 00007FF689C91470 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 107COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcess
                                                                                                                                                                                            • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                            • API String ID: 2050909247-3659356012
                                                                                                                                                                                            • Opcode ID: 3b696d39ae73abef91bd768ebae40dec3d094c79cc79aec13009923dda40fe1e
                                                                                                                                                                                            • Instruction ID: 861b2d469a1eff139dec6cd2d2353b14cb6966396f80b9d17d8afe0e77e93184
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b696d39ae73abef91bd768ebae40dec3d094c79cc79aec13009923dda40fe1e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F415E62B08642C6EA10DF21D4415B963B0BF84F9AF84453AED5D9BB96DE3EE501C704
                                                                                                                                                                                            Function 00007FF689C9EA08 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                            • API String ID: 849930591-393685449
                                                                                                                                                                                            • Opcode ID: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
                                                                                                                                                                                            • Instruction ID: 0639849ea7426e71f69d57032b848445fa385ba4f0930637f1107e4e200998bd
                                                                                                                                                                                            • Opcode Fuzzy Hash: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
                                                                                                                                                                                            • Instruction Fuzzy Hash: 60D15D32A08641CAEB209F65D4403AD77B0FF55B8DF100139EA8D97B9ADF3AE4A1C741
                                                                                                                                                                                            Function 00007FF689CAED10 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00007FF689CAF0AA,?,?,0000022335547888,00007FF689CAAD53,?,?,?,00007FF689CAAC4A,?,?,?,00007FF689CA5F3E), ref: 00007FF689CAEE8C
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FF689CAF0AA,?,?,0000022335547888,00007FF689CAAD53,?,?,?,00007FF689CAAC4A,?,?,?,00007FF689CA5F3E), ref: 00007FF689CAEE98
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                            • API String ID: 3013587201-537541572
                                                                                                                                                                                            • Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                                                                                                                            • Instruction ID: bba0b414dfedb515f6233d7d37a93cce272fdd9c37f472d7b4316fb4a294510d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                                                                                                                            • Instruction Fuzzy Hash: AD41ABA1B19A12C1EB159F16E80067926F1BF49FD2F88453DDD1DE7784EE3EE845C240
                                                                                                                                                                                            Function 00007FF689C92C50 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 104windowCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF689C93706,?,00007FF689C93804), ref: 00007FF689C92C9E
                                                                                                                                                                                            • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF689C93706,?,00007FF689C93804), ref: 00007FF689C92D63
                                                                                                                                                                                            • MessageBoxW.USER32 ref: 00007FF689C92D99
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                            • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                            • API String ID: 3940978338-251083826
                                                                                                                                                                                            • Opcode ID: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                                                                                                                            • Instruction ID: 06487f0a234fd38f6940efcaf88f634a9d24e0c383bac08102aa60d6bcd4ec11
                                                                                                                                                                                            • Opcode Fuzzy Hash: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8531C562708A4186E6209F25F8102AA76B5BF88F9AF410139EF8DD3B59DF3DD506C300
                                                                                                                                                                                            Function 00007FF689C9DCC8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF689C9DF7A,?,?,?,00007FF689C9DC6C,?,?,?,00007FF689C9D869), ref: 00007FF689C9DD4D
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF689C9DF7A,?,?,?,00007FF689C9DC6C,?,?,?,00007FF689C9D869), ref: 00007FF689C9DD5B
                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF689C9DF7A,?,?,?,00007FF689C9DC6C,?,?,?,00007FF689C9D869), ref: 00007FF689C9DD85
                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00007FF689C9DF7A,?,?,?,00007FF689C9DC6C,?,?,?,00007FF689C9D869), ref: 00007FF689C9DDF3
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FF689C9DF7A,?,?,?,00007FF689C9DC6C,?,?,?,00007FF689C9D869), ref: 00007FF689C9DDFF
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                            • API String ID: 2559590344-2084034818
                                                                                                                                                                                            • Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                                                                                                                            • Instruction ID: 212b81c71f88f47ab2ec12c8ee1868d0c1a61dcd2d5d60e7347e7b21aae8619c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                                                                                                                            • Instruction Fuzzy Hash: F5319022B1A642D9FE119F06E4006B527B4FF48FAAF994539ED1D96B81DE3EE444C320
                                                                                                                                                                                            Function 00007FF689C96360 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 82COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcess
                                                                                                                                                                                            • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                            • API String ID: 2050909247-2434346643
                                                                                                                                                                                            • Opcode ID: 2df6df0904ecf2e68063807813f252f2c523520ae69ca8fe89000ee1ae80a761
                                                                                                                                                                                            • Instruction ID: db53a5285447d9cb590124ba1cdc83ff2261a45368485c77b5ece5d4bcd87b41
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2df6df0904ecf2e68063807813f252f2c523520ae69ca8fe89000ee1ae80a761
                                                                                                                                                                                            • Instruction Fuzzy Hash: 29418E31A18A86D1EA21DF64E4542E96331FF54B89F80413AEA5C836D6EF3DE609C740
                                                                                                                                                                                            Function 00007FF689C92A50 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 64COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF689C9351A,?,00000000,00007FF689C93F1B), ref: 00007FF689C92AA0
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcess
                                                                                                                                                                                            • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                            • API String ID: 2050909247-2900015858
                                                                                                                                                                                            • Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                                                                                                                            • Instruction ID: e853fa5981e466109e7cb8d059569d61d88b818a0ea8d53db6ba5983f7e7ae5d
                                                                                                                                                                                            • Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                                                                                                                            • Instruction Fuzzy Hash: 01217F72A1978182E620DF61F8817E676B4BF88B85F80013AEE8D93659DF3DD645C740
                                                                                                                                                                                            Function 00007FF689CAB150 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                                            • Opcode ID: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
                                                                                                                                                                                            • Instruction ID: 5fad5086ba7a81b04b71d3ecef572cedef2853b05ed4d9ddcd1ebe4ccc2df1c9
                                                                                                                                                                                            • Opcode Fuzzy Hash: a42b9cf7ed1ffe71ebcf97f5a72f2c90d2921d4b6bb9ef7954fc9d2fe8c6feaf
                                                                                                                                                                                            • Instruction Fuzzy Hash: 96213DA0A08242C2FA695F62E95517D66F27F94FE2F44463CD93EE76C6DE2EA410C301
                                                                                                                                                                                            Function 00007FF689CB7D6C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                            • String ID: CONOUT$
                                                                                                                                                                                            • API String ID: 3230265001-3130406586
                                                                                                                                                                                            • Opcode ID: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                                                                                                                            • Instruction ID: 0996cada4cc6511c7fd8e0a471aa9e6decd30f580e83896089601e49ebb8a0be
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                                                                                                                            • Instruction Fuzzy Hash: 93116A21A18A41CAE7508F12E8543297AB4BF88FE6F000238EA5DC7BA4DF3DD814C740
                                                                                                                                                                                            Function 00007FF689C98ED0 Relevance: 9.1, APIs: 6, Instructions: 121COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF689C93FA9), ref: 00007FF689C98EFD
                                                                                                                                                                                            • K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF689C93FA9), ref: 00007FF689C98F5A
                                                                                                                                                                                              • Part of subcall function 00007FF689C99390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF689C945F4,00000000,00007FF689C91985), ref: 00007FF689C993C9
                                                                                                                                                                                            • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF689C93FA9), ref: 00007FF689C98FE5
                                                                                                                                                                                            • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF689C93FA9), ref: 00007FF689C99044
                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF689C93FA9), ref: 00007FF689C99055
                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF689C93FA9), ref: 00007FF689C9906A
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3462794448-0
                                                                                                                                                                                            • Opcode ID: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
                                                                                                                                                                                            • Instruction ID: 348df261ec5a2bf65321f6df53a6d7d285c5fae0f9198d1100e7eab5de79c898
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0184f5a771bb2c28f933eba3e4018dda16e38d059dd6d010c17659477659ba58
                                                                                                                                                                                            • Instruction Fuzzy Hash: 08415D62A19682C1EB709F12E5402AA67B4FF89F8AF841139DF5D97789DE3EE500C700
                                                                                                                                                                                            Function 00007FF689CAB2C8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF689CA4F11,?,?,?,?,00007FF689CAA48A,?,?,?,?,00007FF689CA718F), ref: 00007FF689CAB2D7
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF689CA4F11,?,?,?,?,00007FF689CAA48A,?,?,?,?,00007FF689CA718F), ref: 00007FF689CAB30D
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF689CA4F11,?,?,?,?,00007FF689CAA48A,?,?,?,?,00007FF689CA718F), ref: 00007FF689CAB33A
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF689CA4F11,?,?,?,?,00007FF689CAA48A,?,?,?,?,00007FF689CA718F), ref: 00007FF689CAB34B
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF689CA4F11,?,?,?,?,00007FF689CAA48A,?,?,?,?,00007FF689CA718F), ref: 00007FF689CAB35C
                                                                                                                                                                                            • SetLastError.KERNEL32(?,?,?,00007FF689CA4F11,?,?,?,?,00007FF689CAA48A,?,?,?,?,00007FF689CA718F), ref: 00007FF689CAB377
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                                            • Opcode ID: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
                                                                                                                                                                                            • Instruction ID: 3946ca34fe2a5ded4b3e60b016b82ad92d4185b9faef832a636924c12713fa85
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c08c83365d44066401784e1b70b71c7670d14ff4fb682678828c33d1612b477
                                                                                                                                                                                            • Instruction Fuzzy Hash: 48118EA0A0D642C2FA545F22D54017D29F2BF88FB2F40423DD82EE76D6DE2EA400C300
                                                                                                                                                                                            Function 00007FF689C92910 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 86COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF689C91B6A), ref: 00007FF689C9295E
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcess
                                                                                                                                                                                            • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                            • API String ID: 2050909247-2962405886
                                                                                                                                                                                            • Opcode ID: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
                                                                                                                                                                                            • Instruction ID: 2dabb43d2834e1c0a84bfcb6621d51080c6e75262cb04c45bf26afc59e6eb8a9
                                                                                                                                                                                            • Opcode Fuzzy Hash: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F31E422B1868192E7109F65E8412E676B5BF88BD9F40013AEE8DC3749EF3DD546C300
                                                                                                                                                                                            Function 00007FF689C92390 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                            • String ID: Unhandled exception in script
                                                                                                                                                                                            • API String ID: 3081866767-2699770090
                                                                                                                                                                                            • Opcode ID: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
                                                                                                                                                                                            • Instruction ID: 8ecaba3b89cb2bcf0a3bae13a32d45a57619dc230c60011988c472660b60d0e0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 851ce5d4a208b56cb63585478e484d0f9d6918564d04618497f061aba15d8534
                                                                                                                                                                                            • Instruction Fuzzy Hash: 98311E72A1968189EB20DF61E8552F977B0FF89B89F440139EA4D87B59DF3DD105C700
                                                                                                                                                                                            Function 00007FF689C92B50 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65windowCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF689C9918F,?,00007FF689C93C55), ref: 00007FF689C92BA0
                                                                                                                                                                                            • MessageBoxW.USER32 ref: 00007FF689C92C2A
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentMessageProcess
                                                                                                                                                                                            • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                            • API String ID: 1672936522-3797743490
                                                                                                                                                                                            • Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                                                                                                                            • Instruction ID: 7b4577fb8bdcf92e3c4a6821e855e5e54b68b0ff11b99ab6e31e9bc86b57d577
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                                                                                                                            • Instruction Fuzzy Hash: BC219C62708B8182E7109F65F8447AA77B4FF88B85F80413AEA8D97659DF3DD605C740
                                                                                                                                                                                            Function 00007FF689C92710 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF689C91B99), ref: 00007FF689C92760
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcess
                                                                                                                                                                                            • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                            • API String ID: 2050909247-1591803126
                                                                                                                                                                                            • Opcode ID: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                                                                                                                            • Instruction ID: f67e2f05ae515c8438f0ac42c2293eccfec0a43bf7bcb0c9fa8043ea13799f7e
                                                                                                                                                                                            • Opcode Fuzzy Hash: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                                                                                                                            • Instruction Fuzzy Hash: 45219C72B18B8182E6209F61F8817EAB6B4BF88B85F800139EA8C93659DF3DD145C740
                                                                                                                                                                                            Function 00007FF689CA9A88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                            • Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                                                                                                                            • Instruction ID: bc4e4a107969185cf3af623bdad7de7f44e4e90463eb08635ad948fdfdfef9c3
                                                                                                                                                                                            • Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                                                                                                                            • Instruction Fuzzy Hash: 21F06265B09B06C1EA108F24E48537A7770BF89F66F54023ED66E862E4DF2ED545C710
                                                                                                                                                                                            Function 00007FF689CB9368 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                                            • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                            • Instruction ID: 1dfdfaaf0db255807a2604a110c0712f25348a96a67939c6aba423ba212f51df
                                                                                                                                                                                            • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                            • Instruction Fuzzy Hash: BC118226E5CA0381FEE41965E4913793070BF5DB6EF04463CEB6FD62D6CE6E6941C110
                                                                                                                                                                                            Function 00007FF689CAB390 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,00007FF689CAA5A3,?,?,00000000,00007FF689CAA83E,?,?,?,?,?,00007FF689CAA7CA), ref: 00007FF689CAB3AF
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF689CAA5A3,?,?,00000000,00007FF689CAA83E,?,?,?,?,?,00007FF689CAA7CA), ref: 00007FF689CAB3CE
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF689CAA5A3,?,?,00000000,00007FF689CAA83E,?,?,?,?,?,00007FF689CAA7CA), ref: 00007FF689CAB3F6
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF689CAA5A3,?,?,00000000,00007FF689CAA83E,?,?,?,?,?,00007FF689CAA7CA), ref: 00007FF689CAB407
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF689CAA5A3,?,?,00000000,00007FF689CAA83E,?,?,?,?,?,00007FF689CAA7CA), ref: 00007FF689CAB418
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                                            • Opcode ID: 44f6b3e63c936746b9124b5af5da9c753e88c88086b63197a25bc1506e4861c0
                                                                                                                                                                                            • Instruction ID: aec0aa0949576c00ae80a9f1bf33cbf7da048857d83c65b4e4432bd65083e7d8
                                                                                                                                                                                            • Opcode Fuzzy Hash: 44f6b3e63c936746b9124b5af5da9c753e88c88086b63197a25bc1506e4861c0
                                                                                                                                                                                            • Instruction Fuzzy Hash: A21160A0E09642C2FA549F26D54117925F27F85FB2F88473CD83DE66D6DE2EA401C201
                                                                                                                                                                                            Function 00007FF689CAB224 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                                            • Opcode ID: 92671db20a050c4f2636db97a8291f7b9cbb2c044339a59ef12305351f814945
                                                                                                                                                                                            • Instruction ID: e922bf0ddb21e888da95c13f5eefbf3568373130bb9223864acb70521a5e1b74
                                                                                                                                                                                            • Opcode Fuzzy Hash: 92671db20a050c4f2636db97a8291f7b9cbb2c044339a59ef12305351f814945
                                                                                                                                                                                            • Instruction Fuzzy Hash: 17110DA0A08207C2F9996E62D4111BD15F26F86F76F44473DD93DE66C3DD2EB840C201
                                                                                                                                                                                            Function 00007FF689CA5FA0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: verbose
                                                                                                                                                                                            • API String ID: 3215553584-579935070
                                                                                                                                                                                            • Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                            • Instruction ID: 9c8be235fc108d5f61e7948bb0a099af4a5bdb571babd48b324af04b4c09f0d5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B91B1A2A08646C1FB618E24D65077D36F1BF50F96F84423AEA5DA73D6DE3EE845C300
                                                                                                                                                                                            Function 00007FF689CAFBC8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                            • API String ID: 3215553584-1196891531
                                                                                                                                                                                            • Opcode ID: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
                                                                                                                                                                                            • Instruction ID: 36a27278de520204efd613bb82d90cce056c3672e68b8a9145ea5ec585aacda0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
                                                                                                                                                                                            • Instruction Fuzzy Hash: FB819BB2E08242C6F7669E69C1542782AF0BF15F8AF55803DCA49E7689CF3EE901D341
                                                                                                                                                                                            Function 00007FF689C9D648 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                            • API String ID: 2395640692-1018135373
                                                                                                                                                                                            • Opcode ID: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
                                                                                                                                                                                            • Instruction ID: ecd6da6eb4a17c2c407d10770a0568a8e46f7f347ab445da74f2da0cb68c279c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 38519D22A19642CADB148F15E054A7877B1FF44F9DF108138EA4E97B8ADF7EE841C740
                                                                                                                                                                                            Function 00007FF689C9F288 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                                            • API String ID: 3896166516-3733052814
                                                                                                                                                                                            • Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
                                                                                                                                                                                            • Instruction ID: 25666a8bee1b2446781d13433b93a13380fff7fae1673c5995da3d5acfa8a17d
                                                                                                                                                                                            • Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E515C72A18642CAEB648F22D04436C76B0FF55F9AF18413ADA4D87B95CF3EE890C705
                                                                                                                                                                                            Function 00007FF689C9EED8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CallEncodePointerTranslator
                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                            • API String ID: 3544855599-2084237596
                                                                                                                                                                                            • Opcode ID: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
                                                                                                                                                                                            • Instruction ID: fa6b97dcfe03e442b2dc75005e83cd1ed24b0e916d0cc45693edf7b62113bcce
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
                                                                                                                                                                                            • Instruction Fuzzy Hash: 45619F32908BC5C5EB208F15E4403AAB7B0FB95B89F044229EB9C97B99DF7DD590CB00
                                                                                                                                                                                            Function 00007FF689C92810 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 65windowCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                            • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                            • API String ID: 2030045667-255084403
                                                                                                                                                                                            • Opcode ID: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
                                                                                                                                                                                            • Instruction ID: 3daf5865d83e96d2dedb37dc0c95b8eefb56c13b2077ccd7497c5ab2d720bf79
                                                                                                                                                                                            • Opcode Fuzzy Hash: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A21BC62B08B8182E7109F24F8407EA77B0FF88B85F80013AEA8D9365ADF3DD645C740
                                                                                                                                                                                            Function 00007FF689CAC5A0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2718003287-0
                                                                                                                                                                                            • Opcode ID: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                                                                                                                            • Instruction ID: 291787d1520845a1516f6581200d9f5664ff242385463ec12ad25e87be09dfdd
                                                                                                                                                                                            • Opcode Fuzzy Hash: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                                                                                                                            • Instruction Fuzzy Hash: 46D1E2B2B18A41CEE710CF76D8402AC37B1FF55B99B44422ADE5EA7B89DE39D416C300
                                                                                                                                                                                            Function 00007FF689C920C0 Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1956198572-0
                                                                                                                                                                                            • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                            • Instruction ID: 4a29252a569944b6ed19eb1f2884884550b9054181af30b1039d09a01ce94a49
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E11A921B1C142C2FA549F6AE5442B9A671FF84F89F845038DB8947B99CE2ED8D5C600
                                                                                                                                                                                            Function 00007FF689CB5B1C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: ?
                                                                                                                                                                                            • API String ID: 1286766494-1684325040
                                                                                                                                                                                            • Opcode ID: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
                                                                                                                                                                                            • Instruction ID: 2f13d7def42f2a25c03f8cce69913f7c881d3d375653bc48bfb3c1ad81a151c4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 21862b7f5a6063227688de7d7fc5fbfc7fa1fb1d7946118fe9e576ba790fa6aa
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6B41D022A082C286FB649F26D45137A76B1FF84FA6F144239EE5C86AD9DF3ED441C700
                                                                                                                                                                                            Function 00007FF689CA9014 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF689CA9046
                                                                                                                                                                                              • Part of subcall function 00007FF689CAA948: RtlFreeHeap.NTDLL(?,?,?,00007FF689CB2D22,?,?,?,00007FF689CB2D5F,?,?,00000000,00007FF689CB3225,?,?,?,00007FF689CB3157), ref: 00007FF689CAA95E
                                                                                                                                                                                              • Part of subcall function 00007FF689CAA948: GetLastError.KERNEL32(?,?,?,00007FF689CB2D22,?,?,?,00007FF689CB2D5F,?,?,00000000,00007FF689CB3225,?,?,?,00007FF689CB3157), ref: 00007FF689CAA968
                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF689C9CBA5), ref: 00007FF689CA9064
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe, xrefs: 00007FF689CA9052
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                            • API String ID: 3580290477-2313934977
                                                                                                                                                                                            • Opcode ID: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
                                                                                                                                                                                            • Instruction ID: 71fc21b04aad2d8ef2ea33eb382f1f720bfa7d7531ba9e90abb7bd0d63cbfb1f
                                                                                                                                                                                            • Opcode Fuzzy Hash: 136b352ca89953b7aac46d199a587659114d0cf60bae53edf27061cb20026a80
                                                                                                                                                                                            • Instruction Fuzzy Hash: 21417CB6A08A12C6EB549F26E8510B867F5FF44FD2B554039EA4E93B85DF3EE481C300
                                                                                                                                                                                            Function 00007FF689CACC38 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                            • API String ID: 442123175-4171548499
                                                                                                                                                                                            • Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
                                                                                                                                                                                            • Instruction ID: 747fdbfd7d5f6c54e3fac3408fe8858417eae2e5584fdfe73ecae2f2fc66d856
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
                                                                                                                                                                                            • Instruction Fuzzy Hash: D641A072A18A85C6EB208F25E8443AA67B0FB88B85F804139EE4DD7798EF3DD401C740
                                                                                                                                                                                            Function 00007FF689CAF5B8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentDirectory
                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                            • API String ID: 1611563598-336475711
                                                                                                                                                                                            • Opcode ID: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
                                                                                                                                                                                            • Instruction ID: 53205894c7e312cd8fa06d2ba5bc1135fdee17484aa6266a0aac2ea6a0720270
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9aa1b1c0966d0181e71a7442aa19fd9d8a3a06258be719e39fc35e3b215e25b0
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0021BDA2A18281C6EB209F11D44826D73F1FF88F85F864039DA8D93694DF7EE944CA81
                                                                                                                                                                                            Function 00007FF689C9FD48 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                            • API String ID: 2573137834-1018135373
                                                                                                                                                                                            • Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                                                                                                                            • Instruction ID: ad2138ca45e2eba8c05ee95b82af40a8bb0573d12fba447b6a0b2c2385f5a5ed
                                                                                                                                                                                            • Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 63110732618B8582EB618F15F440269B7B4FB88B89F584234EA8D47769DF3DD951CB00
                                                                                                                                                                                            Function 00007FF689CB073C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000000.00000002.3924352587.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000000.00000002.3924327814.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924398487.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924430229.00007FF689CD2000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000000.00000002.3924476662.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                            • API String ID: 2595371189-336475711
                                                                                                                                                                                            • Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                                                                                                                            • Instruction ID: 3de622be83e406428e351efce58c81b6cb4b450854c235a0cf0ddba3ce706ac2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 83018F62A18602C6F720EF60D47127EB7B0FF89B4AF80003DD54EE6695EE2EE504CB14

                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                            Execution Coverage:2.9%
                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                            Signature Coverage:1.1%
                                                                                                                                                                                            Total number of Nodes:743
                                                                                                                                                                                            Total number of Limit Nodes:16
                                                                                                                                                                                            execution_graph 55170 7ff8a828ffe0 55171 7ff8a828fff0 55170->55171 55172 7ff8a8290000 55171->55172 55176 7ff8a82714bf 55171->55176 55180 7ff8a8271e01 55171->55180 55184 7ff8a82cec4c 55171->55184 55176->55172 55177 7ff8a82ce560 55176->55177 55178 7ff8a82ced9f SetLastError 55177->55178 55179 7ff8a82cedb3 55177->55179 55178->55179 55179->55172 55180->55172 55181 7ff8a82ce680 55180->55181 55182 7ff8a82ced9f SetLastError 55181->55182 55183 7ff8a82cedb3 55181->55183 55182->55183 55183->55172 55185 7ff8a82ced60 55184->55185 55186 7ff8a82ced9f SetLastError 55185->55186 55187 7ff8a82cedb3 55185->55187 55186->55187 55187->55172 55188 7ff689c920c0 55189 7ff689c920d5 55188->55189 55190 7ff689c9213b GetWindowLongPtrW 55188->55190 55192 7ff689c920e2 55189->55192 55195 7ff689c9210a SetWindowLongPtrW 55189->55195 55198 7ff689c92180 GetDC 55190->55198 55193 7ff689c920f4 EndDialog 55192->55193 55196 7ff689c920fa 55192->55196 55193->55196 55197 7ff689c92124 55195->55197 55199 7ff689c9224d 55198->55199 55200 7ff689c921bd 55198->55200 55203 7ff689c92252 MoveWindow MoveWindow MoveWindow MoveWindow 55199->55203 55201 7ff689c921ef SelectObject 55200->55201 55202 7ff689c921fb DrawTextW 55200->55202 55201->55202 55204 7ff689c92231 ReleaseDC 55202->55204 55205 7ff689c92225 SelectObject 55202->55205 55208 7ff689c9c550 55203->55208 55204->55203 55205->55204 55209 7ff689c9c559 55208->55209 55210 7ff689c92158 InvalidateRect 55209->55210 55211 7ff689c9c8e0 IsProcessorFeaturePresent 55209->55211 55210->55196 55212 7ff689c9c8f8 55211->55212 55217 7ff689c9cad8 RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind 55212->55217 55214 7ff689c9c90b 55218 7ff689c9c8a0 SetUnhandledExceptionFilter UnhandledExceptionFilter GetCurrentProcess TerminateProcess 55214->55218 55217->55214 55219 7ff689c92fe0 55220 7ff689c92ff0 55219->55220 55221 7ff689c93041 55220->55221 55222 7ff689c9302b 55220->55222 55225 7ff689c93061 55221->55225 55229 7ff689c93077 __vcrt_freefls 55221->55229 55295 7ff689c92710 54 API calls _log10_special 55222->55295 55224 7ff689c93037 __vcrt_freefls 55227 7ff689c9c550 _log10_special 8 API calls 55224->55227 55296 7ff689c92710 54 API calls _log10_special 55225->55296 55228 7ff689c931fa 55227->55228 55229->55224 55231 7ff689c93349 55229->55231 55234 7ff689c93333 55229->55234 55236 7ff689c9330d 55229->55236 55238 7ff689c93207 55229->55238 55247 7ff689c91470 55229->55247 55277 7ff689c91c80 55229->55277 55301 7ff689c92710 54 API calls _log10_special 55231->55301 55300 7ff689c92710 54 API calls _log10_special 55234->55300 55299 7ff689c92710 54 API calls _log10_special 55236->55299 55239 7ff689c93273 55238->55239 55297 7ff689caa404 37 API calls 2 library calls 55238->55297 55241 7ff689c9329e 55239->55241 55242 7ff689c93290 55239->55242 55281 7ff689c92dd0 55241->55281 55298 7ff689caa404 37 API calls 2 library calls 55242->55298 55245 7ff689c9329c 55285 7ff689c92500 55245->55285 55302 7ff689c945c0 55247->55302 55250 7ff689c9149b 55342 7ff689c92710 54 API calls _log10_special 55250->55342 55251 7ff689c914bc 55312 7ff689ca06d4 55251->55312 55254 7ff689c914d1 55256 7ff689c914d5 55254->55256 55257 7ff689c914f8 55254->55257 55255 7ff689c914ab 55255->55229 55343 7ff689ca4f08 11 API calls _get_daylight 55256->55343 55261 7ff689c91532 55257->55261 55262 7ff689c91508 55257->55262 55259 7ff689c914da 55344 7ff689c92910 54 API calls _log10_special 55259->55344 55263 7ff689c91538 55261->55263 55272 7ff689c9154b 55261->55272 55345 7ff689ca4f08 11 API calls _get_daylight 55262->55345 55316 7ff689c91210 55263->55316 55266 7ff689c91510 55346 7ff689c92910 54 API calls _log10_special 55266->55346 55268 7ff689c914f3 __vcrt_freefls 55338 7ff689ca004c 55268->55338 55270 7ff689c915c4 55270->55229 55272->55268 55273 7ff689c915d6 55272->55273 55347 7ff689ca039c 55272->55347 55350 7ff689ca4f08 11 API calls _get_daylight 55273->55350 55275 7ff689c915db 55351 7ff689c92910 54 API calls _log10_special 55275->55351 55278 7ff689c91ca5 55277->55278 55592 7ff689ca4984 55278->55592 55284 7ff689c92e04 55281->55284 55282 7ff689c92f6f 55282->55245 55284->55282 55619 7ff689caa404 37 API calls 2 library calls 55284->55619 55286 7ff689c92536 55285->55286 55287 7ff689c9252c 55285->55287 55289 7ff689c9254b 55286->55289 55290 7ff689c99390 2 API calls 55286->55290 55288 7ff689c99390 2 API calls 55287->55288 55288->55286 55291 7ff689c92560 55289->55291 55293 7ff689c99390 2 API calls 55289->55293 55290->55289 55620 7ff689c92390 55291->55620 55293->55291 55294 7ff689c9257c __vcrt_freefls 55294->55224 55295->55224 55296->55224 55297->55239 55298->55245 55299->55224 55300->55224 55301->55224 55303 7ff689c945cc 55302->55303 55352 7ff689c99390 55303->55352 55305 7ff689c945f4 55306 7ff689c99390 2 API calls 55305->55306 55307 7ff689c94607 55306->55307 55357 7ff689ca5f94 55307->55357 55310 7ff689c9c550 _log10_special 8 API calls 55311 7ff689c91493 55310->55311 55311->55250 55311->55251 55313 7ff689ca0704 55312->55313 55525 7ff689ca0464 55313->55525 55315 7ff689ca071d 55315->55254 55317 7ff689c91268 55316->55317 55318 7ff689c9126f 55317->55318 55319 7ff689c91297 55317->55319 55542 7ff689c92710 54 API calls _log10_special 55318->55542 55322 7ff689c912b1 55319->55322 55323 7ff689c912d4 55319->55323 55321 7ff689c91282 55321->55268 55543 7ff689ca4f08 11 API calls _get_daylight 55322->55543 55326 7ff689c912e6 55323->55326 55337 7ff689c91309 memcpy_s 55323->55337 55325 7ff689c912b6 55544 7ff689c92910 54 API calls _log10_special 55325->55544 55545 7ff689ca4f08 11 API calls _get_daylight 55326->55545 55329 7ff689c912eb 55546 7ff689c92910 54 API calls _log10_special 55329->55546 55330 7ff689ca039c _fread_nolock 53 API calls 55330->55337 55332 7ff689ca0110 37 API calls 55332->55337 55333 7ff689c912cf __vcrt_freefls 55333->55268 55334 7ff689c913cf 55547 7ff689c92710 54 API calls _log10_special 55334->55547 55337->55330 55337->55332 55337->55333 55337->55334 55538 7ff689ca0adc 55337->55538 55339 7ff689ca007c 55338->55339 55564 7ff689c9fe28 55339->55564 55341 7ff689ca0095 55341->55270 55342->55255 55343->55259 55344->55268 55345->55266 55346->55268 55576 7ff689ca03bc 55347->55576 55350->55275 55351->55268 55353 7ff689c993b2 MultiByteToWideChar 55352->55353 55356 7ff689c993d6 55352->55356 55354 7ff689c993ec __vcrt_freefls 55353->55354 55353->55356 55354->55305 55355 7ff689c993f3 MultiByteToWideChar 55355->55354 55356->55354 55356->55355 55358 7ff689ca5ec8 55357->55358 55359 7ff689ca5eee 55358->55359 55362 7ff689ca5f21 55358->55362 55388 7ff689ca4f08 11 API calls _get_daylight 55359->55388 55361 7ff689ca5ef3 55389 7ff689caa8e0 37 API calls _invalid_parameter_noinfo 55361->55389 55364 7ff689ca5f34 55362->55364 55365 7ff689ca5f27 55362->55365 55376 7ff689caac28 55364->55376 55390 7ff689ca4f08 11 API calls _get_daylight 55365->55390 55368 7ff689c94616 55368->55310 55370 7ff689ca5f55 55383 7ff689cafecc 55370->55383 55371 7ff689ca5f48 55391 7ff689ca4f08 11 API calls _get_daylight 55371->55391 55374 7ff689ca5f68 55392 7ff689ca5478 LeaveCriticalSection 55374->55392 55393 7ff689cb02d8 EnterCriticalSection 55376->55393 55378 7ff689caac3f 55379 7ff689caac9c 19 API calls 55378->55379 55380 7ff689caac4a 55379->55380 55381 7ff689cb0338 _isindst LeaveCriticalSection 55380->55381 55382 7ff689ca5f3e 55381->55382 55382->55370 55382->55371 55394 7ff689cafbc8 55383->55394 55387 7ff689caff26 55387->55374 55388->55361 55389->55368 55390->55368 55391->55368 55399 7ff689cafc03 __vcrt_InitializeCriticalSectionEx 55394->55399 55396 7ff689cafea1 55413 7ff689caa8e0 37 API calls _invalid_parameter_noinfo 55396->55413 55398 7ff689cafdd3 55398->55387 55406 7ff689cb6d54 55398->55406 55404 7ff689cafdca 55399->55404 55409 7ff689ca7a3c 51 API calls 3 library calls 55399->55409 55401 7ff689cafe35 55401->55404 55410 7ff689ca7a3c 51 API calls 3 library calls 55401->55410 55403 7ff689cafe54 55403->55404 55411 7ff689ca7a3c 51 API calls 3 library calls 55403->55411 55404->55398 55412 7ff689ca4f08 11 API calls _get_daylight 55404->55412 55414 7ff689cb6354 55406->55414 55409->55401 55410->55403 55411->55404 55412->55396 55413->55398 55415 7ff689cb6389 55414->55415 55416 7ff689cb636b 55414->55416 55415->55416 55418 7ff689cb63a5 55415->55418 55468 7ff689ca4f08 11 API calls _get_daylight 55416->55468 55425 7ff689cb6964 55418->55425 55419 7ff689cb6370 55469 7ff689caa8e0 37 API calls _invalid_parameter_noinfo 55419->55469 55422 7ff689cb637c 55422->55387 55471 7ff689cb6698 55425->55471 55428 7ff689cb69f1 55491 7ff689ca8520 55428->55491 55429 7ff689cb69d9 55503 7ff689ca4ee8 11 API calls _get_daylight 55429->55503 55439 7ff689cb63d0 55439->55422 55470 7ff689ca84f8 LeaveCriticalSection 55439->55470 55448 7ff689cb69de 55504 7ff689ca4f08 11 API calls _get_daylight 55448->55504 55468->55419 55469->55422 55472 7ff689cb66c4 55471->55472 55479 7ff689cb66de 55471->55479 55472->55479 55516 7ff689ca4f08 11 API calls _get_daylight 55472->55516 55474 7ff689cb66d3 55517 7ff689caa8e0 37 API calls _invalid_parameter_noinfo 55474->55517 55476 7ff689cb67ad 55489 7ff689cb680a 55476->55489 55522 7ff689ca9b78 37 API calls 2 library calls 55476->55522 55477 7ff689cb675c 55477->55476 55520 7ff689ca4f08 11 API calls _get_daylight 55477->55520 55479->55477 55518 7ff689ca4f08 11 API calls _get_daylight 55479->55518 55481 7ff689cb6806 55484 7ff689cb6888 55481->55484 55481->55489 55483 7ff689cb67a2 55521 7ff689caa8e0 37 API calls _invalid_parameter_noinfo 55483->55521 55523 7ff689caa900 17 API calls __CxxCallCatchBlock 55484->55523 55485 7ff689cb6751 55519 7ff689caa8e0 37 API calls _invalid_parameter_noinfo 55485->55519 55489->55428 55489->55429 55524 7ff689cb02d8 EnterCriticalSection 55491->55524 55503->55448 55504->55439 55516->55474 55517->55479 55518->55485 55519->55477 55520->55483 55521->55476 55522->55481 55526 7ff689ca04ce 55525->55526 55527 7ff689ca048e 55525->55527 55526->55527 55528 7ff689ca04da 55526->55528 55537 7ff689caa814 37 API calls 2 library calls 55527->55537 55536 7ff689ca546c EnterCriticalSection 55528->55536 55531 7ff689ca04b5 55531->55315 55532 7ff689ca04df 55533 7ff689ca05e8 71 API calls 55532->55533 55534 7ff689ca04f1 55533->55534 55535 7ff689ca5478 _fread_nolock LeaveCriticalSection 55534->55535 55535->55531 55537->55531 55539 7ff689ca0b0c 55538->55539 55548 7ff689ca082c 55539->55548 55541 7ff689ca0b2a 55541->55337 55542->55321 55543->55325 55544->55333 55545->55329 55546->55333 55547->55333 55549 7ff689ca084c 55548->55549 55550 7ff689ca0879 55548->55550 55549->55550 55551 7ff689ca0881 55549->55551 55552 7ff689ca0856 55549->55552 55550->55541 55555 7ff689ca076c 55551->55555 55562 7ff689caa814 37 API calls 2 library calls 55552->55562 55563 7ff689ca546c EnterCriticalSection 55555->55563 55557 7ff689ca0789 55558 7ff689ca07ac 74 API calls 55557->55558 55559 7ff689ca0792 55558->55559 55560 7ff689ca5478 _fread_nolock LeaveCriticalSection 55559->55560 55561 7ff689ca079d 55560->55561 55561->55550 55562->55550 55565 7ff689c9fe71 55564->55565 55566 7ff689c9fe43 55564->55566 55568 7ff689c9fe63 55565->55568 55574 7ff689ca546c EnterCriticalSection 55565->55574 55575 7ff689caa814 37 API calls 2 library calls 55566->55575 55568->55341 55570 7ff689c9fe88 55571 7ff689c9fea4 72 API calls 55570->55571 55572 7ff689c9fe94 55571->55572 55573 7ff689ca5478 _fread_nolock LeaveCriticalSection 55572->55573 55573->55568 55575->55568 55577 7ff689ca03b4 55576->55577 55578 7ff689ca03e6 55576->55578 55577->55272 55578->55577 55579 7ff689ca0432 55578->55579 55580 7ff689ca03f5 __scrt_get_show_window_mode 55578->55580 55589 7ff689ca546c EnterCriticalSection 55579->55589 55590 7ff689ca4f08 11 API calls _get_daylight 55580->55590 55582 7ff689ca043a 55584 7ff689ca013c _fread_nolock 51 API calls 55582->55584 55587 7ff689ca0451 55584->55587 55585 7ff689ca040a 55591 7ff689caa8e0 37 API calls _invalid_parameter_noinfo 55585->55591 55588 7ff689ca5478 _fread_nolock LeaveCriticalSection 55587->55588 55588->55577 55590->55585 55591->55577 55593 7ff689ca49de 55592->55593 55594 7ff689ca4a03 55593->55594 55596 7ff689ca4a3f 55593->55596 55610 7ff689caa814 37 API calls 2 library calls 55594->55610 55611 7ff689ca2c10 49 API calls _invalid_parameter_noinfo 55596->55611 55598 7ff689ca4a2d 55601 7ff689c9c550 _log10_special 8 API calls 55598->55601 55599 7ff689ca4b1c 55600 7ff689caa948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 55599->55600 55600->55598 55603 7ff689c91cc8 55601->55603 55602 7ff689ca4ad6 55602->55599 55604 7ff689ca4af1 55602->55604 55605 7ff689ca4b40 55602->55605 55606 7ff689ca4ae8 55602->55606 55603->55229 55612 7ff689caa948 55604->55612 55605->55599 55607 7ff689ca4b4a 55605->55607 55606->55599 55606->55604 55609 7ff689caa948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 55607->55609 55609->55598 55610->55598 55611->55602 55613 7ff689caa94d RtlFreeHeap 55612->55613 55617 7ff689caa97c 55612->55617 55614 7ff689caa968 GetLastError 55613->55614 55613->55617 55615 7ff689caa975 Concurrency::details::SchedulerProxy::DeleteThis 55614->55615 55618 7ff689ca4f08 11 API calls _get_daylight 55615->55618 55617->55598 55618->55617 55619->55282 55639 7ff689c9c850 55620->55639 55623 7ff689c923e5 __scrt_get_show_window_mode 55641 7ff689c925c0 55623->55641 55625 7ff689c9242b __scrt_get_show_window_mode 55645 7ff689ca796c 55625->55645 55628 7ff689ca796c 37 API calls 55629 7ff689c9245e 55628->55629 55630 7ff689ca796c 37 API calls 55629->55630 55631 7ff689c9246b DialogBoxIndirectParamW 55630->55631 55632 7ff689c924a1 __vcrt_freefls 55631->55632 55633 7ff689c924c1 DeleteObject 55632->55633 55634 7ff689c924c7 55632->55634 55633->55634 55635 7ff689c924d3 DestroyIcon 55634->55635 55636 7ff689c924d9 55634->55636 55635->55636 55637 7ff689c9c550 _log10_special 8 API calls 55636->55637 55638 7ff689c924ea 55637->55638 55638->55294 55640 7ff689c923a9 GetModuleHandleW 55639->55640 55640->55623 55642 7ff689c925e5 55641->55642 55653 7ff689ca4bd8 55642->55653 55646 7ff689ca798a 55645->55646 55650 7ff689c92451 55645->55650 55646->55650 55673 7ff689cb0474 37 API calls 2 library calls 55646->55673 55648 7ff689ca79b9 55649 7ff689ca79d9 55648->55649 55648->55650 55674 7ff689caa900 17 API calls __CxxCallCatchBlock 55649->55674 55650->55628 55655 7ff689ca4c32 55653->55655 55654 7ff689ca4c57 55671 7ff689caa814 37 API calls 2 library calls 55654->55671 55655->55654 55657 7ff689ca4c93 55655->55657 55672 7ff689ca2f90 48 API calls _invalid_parameter_noinfo 55657->55672 55659 7ff689ca4c81 55661 7ff689c9c550 _log10_special 8 API calls 55659->55661 55660 7ff689ca4d74 55662 7ff689caa948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 55660->55662 55663 7ff689c92604 55661->55663 55662->55659 55663->55625 55664 7ff689ca4d2e 55664->55660 55665 7ff689ca4d49 55664->55665 55666 7ff689ca4d9a 55664->55666 55669 7ff689ca4d40 55664->55669 55668 7ff689caa948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 55665->55668 55666->55660 55667 7ff689ca4da4 55666->55667 55670 7ff689caa948 Concurrency::details::SchedulerProxy::DeleteThis 11 API calls 55667->55670 55668->55659 55669->55660 55669->55665 55670->55659 55671->55659 55672->55664 55673->55648 55675 7ff8a82e1360 55676 7ff8a82e1378 55675->55676 55677 7ff8a82e1486 55676->55677 55679 7ff8a8271c1c 55676->55679 55679->55676 55681 7ff8a82b6fb0 55679->55681 55682 7ff8a82b7079 55681->55682 55683 7ff8a8271a0f 55681->55683 55682->55676 55683->55681 55686 7ff8a82baaa0 55683->55686 55684 7ff8a82714ec SetLastError 55684->55686 55685 7ff8a82bb87f 55687 7ff8a82bb8aa 00007FF8C6126570 55685->55687 55692 7ff8a82bac23 55685->55692 55686->55684 55686->55685 55686->55692 55688 7ff8a82bb8cb 00007FF8C6126570 55687->55688 55687->55692 55689 7ff8a82bb8eb 00007FF8C6126570 55688->55689 55688->55692 55690 7ff8a82bb902 00007FF8C6126570 55689->55690 55689->55692 55691 7ff8a82bb91a 00007FF8C6126570 55690->55691 55690->55692 55691->55692 55692->55681 55693 7ff8a8337200 55694 7ff8a8337de0 55693->55694 55697 7ff8a8337218 55693->55697 55695 7ff8a8337d03 LoadLibraryA 55696 7ff8a8337d1d 55695->55696 55696->55697 55698 7ff8a8337d26 GetProcAddress 55696->55698 55697->55695 55701 7ff8a8337d52 VirtualProtect VirtualProtect 55697->55701 55698->55696 55700 7ff8a8337d47 55698->55700 55701->55694 55702 7ff689ca5628 55703 7ff689ca565f 55702->55703 55704 7ff689ca5642 55702->55704 55703->55704 55705 7ff689ca5672 CreateFileW 55703->55705 55727 7ff689ca4ee8 11 API calls _get_daylight 55704->55727 55707 7ff689ca56a6 55705->55707 55708 7ff689ca56dc 55705->55708 55730 7ff689ca577c 59 API calls 3 library calls 55707->55730 55731 7ff689ca5c04 46 API calls 3 library calls 55708->55731 55709 7ff689ca5647 55728 7ff689ca4f08 11 API calls _get_daylight 55709->55728 55713 7ff689ca56b4 55716 7ff689ca56d1 CloseHandle 55713->55716 55717 7ff689ca56bb CloseHandle 55713->55717 55714 7ff689ca56e1 55718 7ff689ca5710 55714->55718 55719 7ff689ca56e5 55714->55719 55715 7ff689ca564f 55729 7ff689caa8e0 37 API calls _invalid_parameter_noinfo 55715->55729 55722 7ff689ca565a 55716->55722 55717->55722 55733 7ff689ca59c4 51 API calls 55718->55733 55732 7ff689ca4e7c 11 API calls 2 library calls 55719->55732 55724 7ff689ca571d 55734 7ff689ca5b00 21 API calls _fread_nolock 55724->55734 55726 7ff689ca56ef 55726->55722 55727->55709 55728->55715 55729->55722 55730->55713 55731->55714 55732->55726 55733->55724 55734->55726 55735 7ff689c9cc3c 55756 7ff689c9ce0c 55735->55756 55738 7ff689c9cd88 55907 7ff689c9d12c 7 API calls 2 library calls 55738->55907 55739 7ff689c9cc58 __scrt_acquire_startup_lock 55741 7ff689c9cd92 55739->55741 55748 7ff689c9cc76 __scrt_release_startup_lock 55739->55748 55908 7ff689c9d12c 7 API calls 2 library calls 55741->55908 55743 7ff689c9cc9b 55744 7ff689c9cd9d __CxxCallCatchBlock 55745 7ff689c9cd21 55762 7ff689c9d274 55745->55762 55747 7ff689c9cd26 55765 7ff689c91000 55747->55765 55748->55743 55748->55745 55904 7ff689ca9b2c 45 API calls 55748->55904 55753 7ff689c9cd49 55753->55744 55906 7ff689c9cf90 7 API calls 55753->55906 55755 7ff689c9cd60 55755->55743 55757 7ff689c9ce14 55756->55757 55758 7ff689c9ce20 __scrt_dllmain_crt_thread_attach 55757->55758 55759 7ff689c9cc50 55758->55759 55760 7ff689c9ce2d 55758->55760 55759->55738 55759->55739 55760->55759 55909 7ff689c9d888 7 API calls 2 library calls 55760->55909 55910 7ff689cba4d0 55762->55910 55766 7ff689c91009 55765->55766 55912 7ff689ca5484 55766->55912 55768 7ff689c937fb 55919 7ff689c936b0 55768->55919 55773 7ff689c9c550 _log10_special 8 API calls 55776 7ff689c93ca7 55773->55776 55774 7ff689c9391b 55778 7ff689c945c0 108 API calls 55774->55778 55775 7ff689c9383c 55777 7ff689c91c80 49 API calls 55775->55777 55905 7ff689c9d2b8 GetModuleHandleW 55776->55905 55779 7ff689c9385b 55777->55779 55780 7ff689c9392b 55778->55780 55991 7ff689c98830 55779->55991 55782 7ff689c9396a 55780->55782 56014 7ff689c97f90 55780->56014 56023 7ff689c92710 54 API calls _log10_special 55782->56023 55784 7ff689c9388e 55793 7ff689c938bb __vcrt_freefls 55784->55793 56013 7ff689c989a0 40 API calls __vcrt_freefls 55784->56013 55786 7ff689c9395d 55787 7ff689c93962 55786->55787 55788 7ff689c93984 55786->55788 55789 7ff689ca004c 74 API calls 55787->55789 55790 7ff689c91c80 49 API calls 55788->55790 55789->55782 55792 7ff689c939a3 55790->55792 55798 7ff689c91950 115 API calls 55792->55798 55794 7ff689c98830 14 API calls 55793->55794 55801 7ff689c938de __vcrt_freefls 55793->55801 55794->55801 55796 7ff689c93a0b 56026 7ff689c989a0 40 API calls __vcrt_freefls 55796->56026 55800 7ff689c939ce 55798->55800 55799 7ff689c93a17 56027 7ff689c989a0 40 API calls __vcrt_freefls 55799->56027 55800->55779 55803 7ff689c939de 55800->55803 55807 7ff689c9390e __vcrt_freefls 55801->55807 56025 7ff689c98940 40 API calls __vcrt_freefls 55801->56025 56024 7ff689c92710 54 API calls _log10_special 55803->56024 55804 7ff689c93a23 56028 7ff689c989a0 40 API calls __vcrt_freefls 55804->56028 55808 7ff689c98830 14 API calls 55807->55808 55809 7ff689c93a3b 55808->55809 55810 7ff689c93a60 __vcrt_freefls 55809->55810 55811 7ff689c93b2f 55809->55811 55824 7ff689c93aab 55810->55824 56029 7ff689c98940 40 API calls __vcrt_freefls 55810->56029 56030 7ff689c92710 54 API calls _log10_special 55811->56030 55814 7ff689c98830 14 API calls 55815 7ff689c93bf4 __vcrt_freefls 55814->55815 55816 7ff689c93d41 55815->55816 55817 7ff689c93c46 55815->55817 56035 7ff689c944e0 49 API calls 55816->56035 55818 7ff689c93c50 55817->55818 55819 7ff689c93cd4 55817->55819 56031 7ff689c990e0 59 API calls _log10_special 55818->56031 55822 7ff689c98830 14 API calls 55819->55822 55826 7ff689c93ce0 55822->55826 55823 7ff689c93d4f 55827 7ff689c93d71 55823->55827 55828 7ff689c93d65 55823->55828 55824->55814 55825 7ff689c93c55 55829 7ff689c93c61 55825->55829 55830 7ff689c93cb3 55825->55830 55826->55829 55833 7ff689c93ced 55826->55833 55832 7ff689c91c80 49 API calls 55827->55832 56036 7ff689c94630 55828->56036 56032 7ff689c92710 54 API calls _log10_special 55829->56032 56033 7ff689c98660 86 API calls 2 library calls 55830->56033 55844 7ff689c93d2b __vcrt_freefls 55832->55844 55836 7ff689c91c80 49 API calls 55833->55836 55839 7ff689c93d0b 55836->55839 55837 7ff689c93dbc 55840 7ff689c99390 2 API calls 55837->55840 55838 7ff689c93cbb 55841 7ff689c93cbf 55838->55841 55842 7ff689c93cc8 55838->55842 55843 7ff689c93d12 55839->55843 55839->55844 55846 7ff689c93dcf SetDllDirectoryW 55840->55846 55841->55829 55842->55844 56034 7ff689c92710 54 API calls _log10_special 55843->56034 55844->55837 55845 7ff689c93da7 LoadLibraryExW 55844->55845 55845->55837 55849 7ff689c93e02 55846->55849 55896 7ff689c93e52 55846->55896 55851 7ff689c98830 14 API calls 55849->55851 55850 7ff689c93808 __vcrt_freefls 55850->55773 55860 7ff689c93e0e __vcrt_freefls 55851->55860 55852 7ff689c94000 55853 7ff689c9400a PostMessageW GetMessageW 55852->55853 55854 7ff689c9402d 55852->55854 55853->55854 56004 7ff689c93360 55854->56004 55855 7ff689c93f13 56047 7ff689c933c0 121 API calls 2 library calls 55855->56047 55857 7ff689c93f1b 55857->55850 55858 7ff689c93f23 55857->55858 56048 7ff689c990c0 LocalFree 55858->56048 55863 7ff689c93eea 55860->55863 55867 7ff689c93e46 55860->55867 56046 7ff689c98940 40 API calls __vcrt_freefls 55863->56046 55867->55896 56039 7ff689c96dc0 54 API calls _get_daylight 55867->56039 55870 7ff689c94047 56050 7ff689c96fc0 FreeLibrary 55870->56050 55875 7ff689c94053 55876 7ff689c93e64 56040 7ff689c97340 117 API calls 2 library calls 55876->56040 55880 7ff689c93e79 55883 7ff689c93e9a 55880->55883 55895 7ff689c93e7d 55880->55895 56041 7ff689c96e00 120 API calls _log10_special 55880->56041 55883->55895 56042 7ff689c971b0 125 API calls 55883->56042 55887 7ff689c93ed8 56045 7ff689c96fc0 FreeLibrary 55887->56045 55888 7ff689c93eaf 55888->55895 56043 7ff689c974f0 55 API calls 55888->56043 55895->55896 56044 7ff689c92a50 54 API calls _log10_special 55895->56044 55896->55852 55896->55855 55904->55745 55905->55753 55906->55755 55907->55741 55908->55744 55909->55759 55911 7ff689c9d28b GetStartupInfoW 55910->55911 55911->55747 55913 7ff689caf480 55912->55913 55915 7ff689caf526 55913->55915 55916 7ff689caf4d3 55913->55916 56052 7ff689caf358 71 API calls _fread_nolock 55915->56052 56051 7ff689caa814 37 API calls 2 library calls 55916->56051 55918 7ff689caf4fc 55918->55768 55920 7ff689c9c850 55919->55920 55921 7ff689c936bc GetModuleFileNameW 55920->55921 55922 7ff689c93710 55921->55922 55923 7ff689c936eb GetLastError 55921->55923 56053 7ff689c99280 FindFirstFileExW 55922->56053 56058 7ff689c92c50 51 API calls _log10_special 55923->56058 55926 7ff689c93706 55930 7ff689c9c550 _log10_special 8 API calls 55926->55930 55928 7ff689c93723 56059 7ff689c99300 CreateFileW GetFinalPathNameByHandleW CloseHandle 55928->56059 55929 7ff689c9377d 56061 7ff689c99440 WideCharToMultiByte WideCharToMultiByte __vcrt_freefls 55929->56061 55934 7ff689c937b5 55930->55934 55933 7ff689c9378b 55933->55926 56062 7ff689c92810 49 API calls _log10_special 55933->56062 55934->55850 55941 7ff689c91950 55934->55941 55935 7ff689c93730 55936 7ff689c93734 55935->55936 55937 7ff689c9374c __vcrt_InitializeCriticalSectionEx 55935->55937 56060 7ff689c92810 49 API calls _log10_special 55936->56060 55937->55929 55940 7ff689c93745 55940->55926 55942 7ff689c945c0 108 API calls 55941->55942 55943 7ff689c91985 55942->55943 55944 7ff689c91c43 55943->55944 55946 7ff689c97f90 83 API calls 55943->55946 55945 7ff689c9c550 _log10_special 8 API calls 55944->55945 55947 7ff689c91c5e 55945->55947 55948 7ff689c919cb 55946->55948 55947->55774 55947->55775 55949 7ff689ca06d4 73 API calls 55948->55949 55990 7ff689c91a03 55948->55990 55951 7ff689c919e5 55949->55951 55950 7ff689ca004c 74 API calls 55950->55944 55952 7ff689c91a08 55951->55952 55953 7ff689c919e9 55951->55953 55954 7ff689ca039c _fread_nolock 53 API calls 55952->55954 56063 7ff689ca4f08 11 API calls _get_daylight 55953->56063 55957 7ff689c91a20 55954->55957 55956 7ff689c919ee 56064 7ff689c92910 54 API calls _log10_special 55956->56064 55959 7ff689c91a45 55957->55959 55960 7ff689c91a26 55957->55960 55964 7ff689c91a7b 55959->55964 55965 7ff689c91a5c 55959->55965 56065 7ff689ca4f08 11 API calls _get_daylight 55960->56065 55962 7ff689c91a2b 56066 7ff689c92910 54 API calls _log10_special 55962->56066 55966 7ff689c91c80 49 API calls 55964->55966 56067 7ff689ca4f08 11 API calls _get_daylight 55965->56067 55969 7ff689c91a92 55966->55969 55968 7ff689c91a61 56068 7ff689c92910 54 API calls _log10_special 55968->56068 55971 7ff689c91c80 49 API calls 55969->55971 55972 7ff689c91add 55971->55972 55973 7ff689ca06d4 73 API calls 55972->55973 55974 7ff689c91b01 55973->55974 55975 7ff689c91b35 55974->55975 55976 7ff689c91b16 55974->55976 55977 7ff689ca039c _fread_nolock 53 API calls 55975->55977 56069 7ff689ca4f08 11 API calls _get_daylight 55976->56069 55979 7ff689c91b4a 55977->55979 55981 7ff689c91b6f 55979->55981 55982 7ff689c91b50 55979->55982 55980 7ff689c91b1b 56070 7ff689c92910 54 API calls _log10_special 55980->56070 56073 7ff689ca0110 37 API calls 2 library calls 55981->56073 56071 7ff689ca4f08 11 API calls _get_daylight 55982->56071 55986 7ff689c91b55 56072 7ff689c92910 54 API calls _log10_special 55986->56072 55988 7ff689c91b89 55988->55990 56074 7ff689c92710 54 API calls _log10_special 55988->56074 55990->55950 55992 7ff689c9883a 55991->55992 55993 7ff689c99390 2 API calls 55992->55993 55994 7ff689c98859 GetEnvironmentVariableW 55993->55994 55995 7ff689c988c2 55994->55995 55996 7ff689c98876 ExpandEnvironmentStringsW 55994->55996 55997 7ff689c9c550 _log10_special 8 API calls 55995->55997 55996->55995 55998 7ff689c98898 55996->55998 55999 7ff689c988d4 55997->55999 56075 7ff689c99440 WideCharToMultiByte WideCharToMultiByte __vcrt_freefls 55998->56075 55999->55784 56001 7ff689c988aa 56002 7ff689c9c550 _log10_special 8 API calls 56001->56002 56003 7ff689c988ba 56002->56003 56003->55784 56076 7ff689c96360 56004->56076 56007 7ff689c93399 56049 7ff689c93670 FreeLibrary 56007->56049 56009 7ff689c93381 56009->56007 56144 7ff689c96050 56009->56144 56011 7ff689c9338d 56011->56007 56153 7ff689c961e0 54 API calls 56011->56153 56013->55793 56015 7ff689c97fb4 56014->56015 56016 7ff689ca06d4 73 API calls 56015->56016 56021 7ff689c9808b __vcrt_freefls 56015->56021 56017 7ff689c97fd0 56016->56017 56017->56021 56207 7ff689ca78c8 56017->56207 56019 7ff689ca06d4 73 API calls 56022 7ff689c97fe5 56019->56022 56020 7ff689ca039c _fread_nolock 53 API calls 56020->56022 56021->55786 56022->56019 56022->56020 56022->56021 56023->55850 56024->55850 56025->55796 56026->55799 56027->55804 56028->55807 56029->55824 56030->55850 56031->55825 56032->55850 56033->55838 56034->55850 56035->55823 56037 7ff689c91c80 49 API calls 56036->56037 56038 7ff689c94660 56037->56038 56038->55844 56038->56038 56039->55876 56040->55880 56041->55883 56042->55888 56043->55895 56044->55887 56045->55896 56046->55896 56047->55857 56049->55870 56050->55875 56051->55918 56052->55918 56054 7ff689c992bf FindClose 56053->56054 56055 7ff689c992d2 56053->56055 56054->56055 56056 7ff689c9c550 _log10_special 8 API calls 56055->56056 56057 7ff689c9371a 56056->56057 56057->55928 56057->55929 56058->55926 56059->55935 56060->55940 56061->55933 56062->55926 56063->55956 56064->55990 56065->55962 56066->55990 56067->55968 56068->55990 56069->55980 56070->55990 56071->55986 56072->55990 56073->55988 56074->55990 56075->56001 56077 7ff689c96375 56076->56077 56078 7ff689c91c80 49 API calls 56077->56078 56079 7ff689c963b1 56078->56079 56080 7ff689c963ba 56079->56080 56081 7ff689c963dd 56079->56081 56164 7ff689c92710 54 API calls _log10_special 56080->56164 56083 7ff689c94630 49 API calls 56081->56083 56084 7ff689c963f5 56083->56084 56085 7ff689c96413 56084->56085 56165 7ff689c92710 54 API calls _log10_special 56084->56165 56154 7ff689c94560 56085->56154 56086 7ff689c9c550 _log10_special 8 API calls 56089 7ff689c9336e 56086->56089 56089->56007 56107 7ff689c96500 56089->56107 56091 7ff689c9642b 56092 7ff689c94630 49 API calls 56091->56092 56094 7ff689c96444 56092->56094 56093 7ff689c98e80 3 API calls 56093->56091 56095 7ff689c96469 56094->56095 56096 7ff689c96449 56094->56096 56160 7ff689c98e80 56095->56160 56166 7ff689c92710 54 API calls _log10_special 56096->56166 56099 7ff689c96476 56100 7ff689c964c1 56099->56100 56101 7ff689c96482 56099->56101 56168 7ff689c95830 137 API calls 56100->56168 56102 7ff689c99390 2 API calls 56101->56102 56104 7ff689c9649a GetLastError 56102->56104 56167 7ff689c92c50 51 API calls _log10_special 56104->56167 56106 7ff689c963d3 56106->56086 56169 7ff689c95400 56107->56169 56109 7ff689c96526 56110 7ff689c9652e 56109->56110 56111 7ff689c9653f 56109->56111 56194 7ff689c92710 54 API calls _log10_special 56110->56194 56176 7ff689c94c90 56111->56176 56115 7ff689c9654b 56195 7ff689c92710 54 API calls _log10_special 56115->56195 56116 7ff689c9655c 56119 7ff689c9656c 56116->56119 56121 7ff689c9657d 56116->56121 56118 7ff689c9653a 56118->56009 56196 7ff689c92710 54 API calls _log10_special 56119->56196 56122 7ff689c9659c 56121->56122 56123 7ff689c965ad 56121->56123 56197 7ff689c92710 54 API calls _log10_special 56122->56197 56125 7ff689c965bc 56123->56125 56126 7ff689c965cd 56123->56126 56198 7ff689c92710 54 API calls _log10_special 56125->56198 56180 7ff689c94d50 56126->56180 56130 7ff689c965dc 56199 7ff689c92710 54 API calls _log10_special 56130->56199 56131 7ff689c965ed 56133 7ff689c965fc 56131->56133 56134 7ff689c9660d 56131->56134 56200 7ff689c92710 54 API calls _log10_special 56133->56200 56136 7ff689c9661f 56134->56136 56138 7ff689c96630 56134->56138 56201 7ff689c92710 54 API calls _log10_special 56136->56201 56141 7ff689c9665a 56138->56141 56202 7ff689ca72b0 73 API calls 56138->56202 56140 7ff689c96648 56203 7ff689ca72b0 73 API calls 56140->56203 56141->56118 56204 7ff689c92710 54 API calls _log10_special 56141->56204 56145 7ff689c96070 56144->56145 56145->56145 56146 7ff689c96099 56145->56146 56152 7ff689c960b0 __vcrt_freefls 56145->56152 56206 7ff689c92710 54 API calls _log10_special 56146->56206 56148 7ff689c960a5 56148->56011 56149 7ff689c961bb 56149->56011 56150 7ff689c91470 116 API calls 56150->56152 56151 7ff689c92710 54 API calls 56151->56152 56152->56149 56152->56150 56152->56151 56153->56007 56155 7ff689c9456a 56154->56155 56156 7ff689c99390 2 API calls 56155->56156 56157 7ff689c9458f 56156->56157 56158 7ff689c9c550 _log10_special 8 API calls 56157->56158 56159 7ff689c945b7 56158->56159 56159->56091 56159->56093 56161 7ff689c99390 2 API calls 56160->56161 56162 7ff689c98e94 LoadLibraryExW 56161->56162 56163 7ff689c98eb3 __vcrt_freefls 56162->56163 56163->56099 56164->56106 56165->56085 56166->56106 56167->56106 56168->56106 56171 7ff689c9542c 56169->56171 56170 7ff689c95434 56170->56109 56171->56170 56174 7ff689c955d4 56171->56174 56205 7ff689ca6aa4 48 API calls 56171->56205 56172 7ff689c95797 __vcrt_freefls 56172->56109 56173 7ff689c947d0 47 API calls 56173->56174 56174->56172 56174->56173 56177 7ff689c94cc0 56176->56177 56178 7ff689c9c550 _log10_special 8 API calls 56177->56178 56179 7ff689c94d2a 56178->56179 56179->56115 56179->56116 56181 7ff689c94d65 56180->56181 56182 7ff689c91c80 49 API calls 56181->56182 56183 7ff689c94db1 56182->56183 56184 7ff689c91c80 49 API calls 56183->56184 56193 7ff689c94e33 __vcrt_freefls 56183->56193 56186 7ff689c94df0 56184->56186 56185 7ff689c9c550 _log10_special 8 API calls 56187 7ff689c94e7e 56185->56187 56188 7ff689c99390 2 API calls 56186->56188 56186->56193 56187->56130 56187->56131 56189 7ff689c94e06 56188->56189 56190 7ff689c99390 2 API calls 56189->56190 56191 7ff689c94e1d 56190->56191 56192 7ff689c99390 2 API calls 56191->56192 56192->56193 56193->56185 56194->56118 56195->56118 56196->56118 56197->56118 56198->56118 56199->56118 56200->56118 56201->56118 56202->56140 56203->56141 56204->56118 56205->56171 56206->56148 56208 7ff689ca78f8 56207->56208 56211 7ff689ca73d4 56208->56211 56210 7ff689ca7911 56210->56022 56212 7ff689ca73ef 56211->56212 56213 7ff689ca741e 56211->56213 56222 7ff689caa814 37 API calls 2 library calls 56212->56222 56221 7ff689ca546c EnterCriticalSection 56213->56221 56216 7ff689ca740f 56216->56210 56217 7ff689ca7423 56218 7ff689ca7440 38 API calls 56217->56218 56219 7ff689ca742f 56218->56219 56220 7ff689ca5478 _fread_nolock LeaveCriticalSection 56219->56220 56220->56216 56222->56216

                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                            Function 00007FF689C91000 Relevance: 60.0, APIs: 6, Strings: 28, Instructions: 509COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 0 7ff689c91000-7ff689c93806 call 7ff689c9fe18 call 7ff689c9fe20 call 7ff689c9c850 call 7ff689ca53f0 call 7ff689ca5484 call 7ff689c936b0 14 7ff689c93814-7ff689c93836 call 7ff689c91950 0->14 15 7ff689c93808-7ff689c9380f 0->15 20 7ff689c9391b-7ff689c93931 call 7ff689c945c0 14->20 21 7ff689c9383c-7ff689c93856 call 7ff689c91c80 14->21 17 7ff689c93c97-7ff689c93cb2 call 7ff689c9c550 15->17 28 7ff689c93933-7ff689c93960 call 7ff689c97f90 20->28 29 7ff689c9396a-7ff689c9397f call 7ff689c92710 20->29 25 7ff689c9385b-7ff689c9389b call 7ff689c98830 21->25 34 7ff689c938c1-7ff689c938cc call 7ff689ca4f30 25->34 35 7ff689c9389d-7ff689c938a3 25->35 41 7ff689c93962-7ff689c93965 call 7ff689ca004c 28->41 42 7ff689c93984-7ff689c939a6 call 7ff689c91c80 28->42 37 7ff689c93c8f 29->37 49 7ff689c938d2-7ff689c938e1 call 7ff689c98830 34->49 50 7ff689c939fc-7ff689c93a2a call 7ff689c98940 call 7ff689c989a0 * 3 34->50 38 7ff689c938af-7ff689c938bd call 7ff689c989a0 35->38 39 7ff689c938a5-7ff689c938ad 35->39 37->17 38->34 39->38 41->29 53 7ff689c939b0-7ff689c939b9 42->53 57 7ff689c939f4-7ff689c939f7 call 7ff689ca4f30 49->57 58 7ff689c938e7-7ff689c938ed 49->58 76 7ff689c93a2f-7ff689c93a3e call 7ff689c98830 50->76 53->53 56 7ff689c939bb-7ff689c939d8 call 7ff689c91950 53->56 56->25 68 7ff689c939de-7ff689c939ef call 7ff689c92710 56->68 57->50 61 7ff689c938f0-7ff689c938fc 58->61 65 7ff689c938fe-7ff689c93903 61->65 66 7ff689c93905-7ff689c93908 61->66 65->61 65->66 66->57 69 7ff689c9390e-7ff689c93916 call 7ff689ca4f30 66->69 68->37 69->76 79 7ff689c93a44-7ff689c93a47 76->79 80 7ff689c93b45-7ff689c93b53 76->80 79->80 83 7ff689c93a4d-7ff689c93a50 79->83 81 7ff689c93a67 80->81 82 7ff689c93b59-7ff689c93b5d 80->82 84 7ff689c93a6b-7ff689c93a90 call 7ff689ca4f30 81->84 82->84 85 7ff689c93b14-7ff689c93b17 83->85 86 7ff689c93a56-7ff689c93a5a 83->86 94 7ff689c93a92-7ff689c93aa6 call 7ff689c98940 84->94 95 7ff689c93aab-7ff689c93ac0 84->95 89 7ff689c93b2f-7ff689c93b40 call 7ff689c92710 85->89 90 7ff689c93b19-7ff689c93b1d 85->90 86->85 88 7ff689c93a60 86->88 88->81 98 7ff689c93c7f-7ff689c93c87 89->98 90->89 91 7ff689c93b1f-7ff689c93b2a 90->91 91->84 94->95 99 7ff689c93ac6-7ff689c93aca 95->99 100 7ff689c93be8-7ff689c93bfa call 7ff689c98830 95->100 98->37 102 7ff689c93ad0-7ff689c93ae8 call 7ff689ca5250 99->102 103 7ff689c93bcd-7ff689c93be2 call 7ff689c91940 99->103 108 7ff689c93c2e 100->108 109 7ff689c93bfc-7ff689c93c02 100->109 113 7ff689c93b62-7ff689c93b7a call 7ff689ca5250 102->113 114 7ff689c93aea-7ff689c93b02 call 7ff689ca5250 102->114 103->99 103->100 115 7ff689c93c31-7ff689c93c40 call 7ff689ca4f30 108->115 111 7ff689c93c1e-7ff689c93c2c 109->111 112 7ff689c93c04-7ff689c93c1c 109->112 111->115 112->115 122 7ff689c93b87-7ff689c93b9f call 7ff689ca5250 113->122 123 7ff689c93b7c-7ff689c93b80 113->123 114->103 124 7ff689c93b08-7ff689c93b0f 114->124 125 7ff689c93d41-7ff689c93d63 call 7ff689c944e0 115->125 126 7ff689c93c46-7ff689c93c4a 115->126 139 7ff689c93ba1-7ff689c93ba5 122->139 140 7ff689c93bac-7ff689c93bc4 call 7ff689ca5250 122->140 123->122 124->103 137 7ff689c93d71-7ff689c93d82 call 7ff689c91c80 125->137 138 7ff689c93d65-7ff689c93d6f call 7ff689c94630 125->138 127 7ff689c93c50-7ff689c93c5f call 7ff689c990e0 126->127 128 7ff689c93cd4-7ff689c93ce6 call 7ff689c98830 126->128 141 7ff689c93c61 127->141 142 7ff689c93cb3-7ff689c93cbd call 7ff689c98660 127->142 143 7ff689c93d35-7ff689c93d3c 128->143 144 7ff689c93ce8-7ff689c93ceb 128->144 152 7ff689c93d87-7ff689c93d96 137->152 138->152 139->140 140->103 154 7ff689c93bc6 140->154 149 7ff689c93c68 call 7ff689c92710 141->149 164 7ff689c93cbf-7ff689c93cc6 142->164 165 7ff689c93cc8-7ff689c93ccf 142->165 143->149 144->143 150 7ff689c93ced-7ff689c93d10 call 7ff689c91c80 144->150 160 7ff689c93c6d-7ff689c93c77 149->160 166 7ff689c93d12-7ff689c93d26 call 7ff689c92710 call 7ff689ca4f30 150->166 167 7ff689c93d2b-7ff689c93d33 call 7ff689ca4f30 150->167 157 7ff689c93d98-7ff689c93d9f 152->157 158 7ff689c93dbc-7ff689c93dd2 call 7ff689c99390 152->158 154->103 157->158 162 7ff689c93da1-7ff689c93da5 157->162 170 7ff689c93de0-7ff689c93dfc SetDllDirectoryW 158->170 171 7ff689c93dd4 158->171 160->98 162->158 168 7ff689c93da7-7ff689c93db6 LoadLibraryExW 162->168 164->149 165->152 166->160 167->152 168->158 174 7ff689c93e02-7ff689c93e11 call 7ff689c98830 170->174 175 7ff689c93ef9-7ff689c93f00 170->175 171->170 189 7ff689c93e13-7ff689c93e19 174->189 190 7ff689c93e2a-7ff689c93e34 call 7ff689ca4f30 174->190 180 7ff689c94000-7ff689c94008 175->180 181 7ff689c93f06-7ff689c93f0d 175->181 182 7ff689c9400a-7ff689c94027 PostMessageW GetMessageW 180->182 183 7ff689c9402d-7ff689c94038 call 7ff689c936a0 call 7ff689c93360 180->183 181->180 186 7ff689c93f13-7ff689c93f1d call 7ff689c933c0 181->186 182->183 200 7ff689c9403d-7ff689c9405f call 7ff689c93670 call 7ff689c96fc0 call 7ff689c96d70 183->200 186->160 196 7ff689c93f23-7ff689c93f37 call 7ff689c990c0 186->196 193 7ff689c93e25-7ff689c93e27 189->193 194 7ff689c93e1b-7ff689c93e23 189->194 201 7ff689c93eea-7ff689c93ef4 call 7ff689c98940 190->201 202 7ff689c93e3a-7ff689c93e40 190->202 193->190 194->193 207 7ff689c93f39-7ff689c93f56 PostMessageW GetMessageW 196->207 208 7ff689c93f5c-7ff689c93f9f call 7ff689c98940 call 7ff689c989e0 call 7ff689c96fc0 call 7ff689c96d70 call 7ff689c988e0 196->208 201->175 202->201 206 7ff689c93e46-7ff689c93e4c 202->206 210 7ff689c93e4e-7ff689c93e50 206->210 211 7ff689c93e57-7ff689c93e59 206->211 207->208 247 7ff689c93fa1-7ff689c93fb7 call 7ff689c98ed0 call 7ff689c988e0 208->247 248 7ff689c93fed-7ff689c93ffb call 7ff689c91900 208->248 212 7ff689c93e5f-7ff689c93e7b call 7ff689c96dc0 call 7ff689c97340 210->212 215 7ff689c93e52 210->215 211->175 211->212 227 7ff689c93e86-7ff689c93e8d 212->227 228 7ff689c93e7d-7ff689c93e84 212->228 215->175 231 7ff689c93e8f-7ff689c93e9c call 7ff689c96e00 227->231 232 7ff689c93ea7-7ff689c93eb1 call 7ff689c971b0 227->232 230 7ff689c93ed3-7ff689c93ee8 call 7ff689c92a50 call 7ff689c96fc0 call 7ff689c96d70 228->230 230->175 231->232 244 7ff689c93e9e-7ff689c93ea5 231->244 245 7ff689c93eb3-7ff689c93eba 232->245 246 7ff689c93ebc-7ff689c93eca call 7ff689c974f0 232->246 244->230 245->230 246->175 257 7ff689c93ecc 246->257 247->248 261 7ff689c93fb9-7ff689c93fce 247->261 248->160 257->230 262 7ff689c93fd0-7ff689c93fe3 call 7ff689c92710 call 7ff689c91900 261->262 263 7ff689c93fe8 call 7ff689c92a50 261->263 262->160 263->248
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFileLastModuleName
                                                                                                                                                                                            • String ID: Could not create temporary directory!$Could not load PyInstaller's embedded PKG archive from the executable (%s)$Could not side-load PyInstaller's PKG archive from external file (%s)$Failed to convert DLL search path!$Failed to initialize security descriptor for temporary directory!$Failed to load Tcl/Tk shared libraries for splash screen!$Failed to load splash screen resources!$Failed to remove temporary directory: %s$Failed to start splash screen!$Failed to unpack splash screen dependencies from PKG archive!$Invalid value in _PYI_PARENT_PROCESS_LEVEL: %s$MEI$PYINSTALLER_RESET_ENVIRONMENT$PYINSTALLER_STRICT_UNPACK_MODE$PYINSTALLER_SUPPRESS_SPLASH_SCREEN$Path exceeds PYI_PATH_MAX limit.$Py_GIL_DISABLED$VCRUNTIME140.dll$_PYI_APPLICATION_HOME_DIR$_PYI_APPLICATION_HOME_DIR not set for onefile child process!$_PYI_ARCHIVE_FILE$_PYI_PARENT_PROCESS_LEVEL$_PYI_SPLASH_IPC$pkg$pyi-contents-directory$pyi-disable-windowed-traceback$pyi-python-flag$pyi-runtime-tmpdir
                                                                                                                                                                                            • API String ID: 2776309574-4232158417
                                                                                                                                                                                            • Opcode ID: 9b17f683483ed456cfa5d3adfaaad0906d1924fbd3de9cf6bb050ba9cf488250
                                                                                                                                                                                            • Instruction ID: 0e2e091f43a40a491fa6b402d7da9cbe89b8fbe93a9eb7b24d13e034932cff93
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9b17f683483ed456cfa5d3adfaaad0906d1924fbd3de9cf6bb050ba9cf488250
                                                                                                                                                                                            • Instruction Fuzzy Hash: 70327A21A0C682D1FB199F35D8543B926B1BF85F8AF84403ADA5DC32D6EF2EE558C310
                                                                                                                                                                                            Function 00007FF8A8271A0F Relevance: 23.6, APIs: 5, Strings: 8, Instructions: 891COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3928281921.00007FF8A8271000.00000040.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8270000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3928251133.00007FF8A8270000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F3000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A831D000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8328000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8333000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928541684.00007FF8A8337000.00000080.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928565552.00007FF8A8338000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8270000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: $..\s\ssl\record\ssl3_record.c$CONNE$GET $HEAD $POST $PUT $ssl3_get_record
                                                                                                                                                                                            • API String ID: 0-2781224710
                                                                                                                                                                                            • Opcode ID: 0ab4d58f5bb155752d9913eb62b0d51a30b311dd7c242be745a741accbf05ac2
                                                                                                                                                                                            • Instruction ID: f8eb012748bf745dc13f8fc4db890f70ad6315d843eab2e9433e8a7fcc405b51
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0ab4d58f5bb155752d9913eb62b0d51a30b311dd7c242be745a741accbf05ac2
                                                                                                                                                                                            • Instruction Fuzzy Hash: CD92A031A1BA82AAFB609BA1D4487F927A0EF84BC4F444036DA4D476DDDF3DE541C728
                                                                                                                                                                                            Function 00007FF689CB6964 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 993 7ff689cb6964-7ff689cb69d7 call 7ff689cb6698 996 7ff689cb69f1-7ff689cb69fb call 7ff689ca8520 993->996 997 7ff689cb69d9-7ff689cb69e2 call 7ff689ca4ee8 993->997 1003 7ff689cb6a16-7ff689cb6a7f CreateFileW 996->1003 1004 7ff689cb69fd-7ff689cb6a14 call 7ff689ca4ee8 call 7ff689ca4f08 996->1004 1002 7ff689cb69e5-7ff689cb69ec call 7ff689ca4f08 997->1002 1017 7ff689cb6d32-7ff689cb6d52 1002->1017 1007 7ff689cb6a81-7ff689cb6a87 1003->1007 1008 7ff689cb6afc-7ff689cb6b07 GetFileType 1003->1008 1004->1002 1013 7ff689cb6ac9-7ff689cb6af7 GetLastError call 7ff689ca4e7c 1007->1013 1014 7ff689cb6a89-7ff689cb6a8d 1007->1014 1010 7ff689cb6b09-7ff689cb6b44 GetLastError call 7ff689ca4e7c CloseHandle 1008->1010 1011 7ff689cb6b5a-7ff689cb6b61 1008->1011 1010->1002 1028 7ff689cb6b4a-7ff689cb6b55 call 7ff689ca4f08 1010->1028 1020 7ff689cb6b63-7ff689cb6b67 1011->1020 1021 7ff689cb6b69-7ff689cb6b6c 1011->1021 1013->1002 1014->1013 1015 7ff689cb6a8f-7ff689cb6ac7 CreateFileW 1014->1015 1015->1008 1015->1013 1025 7ff689cb6b72-7ff689cb6bc7 call 7ff689ca8438 1020->1025 1021->1025 1026 7ff689cb6b6e 1021->1026 1031 7ff689cb6bc9-7ff689cb6bd5 call 7ff689cb68a0 1025->1031 1032 7ff689cb6be6-7ff689cb6c17 call 7ff689cb6418 1025->1032 1026->1025 1028->1002 1031->1032 1038 7ff689cb6bd7 1031->1038 1039 7ff689cb6c19-7ff689cb6c1b 1032->1039 1040 7ff689cb6c1d-7ff689cb6c5f 1032->1040 1041 7ff689cb6bd9-7ff689cb6be1 call 7ff689caaac0 1038->1041 1039->1041 1042 7ff689cb6c81-7ff689cb6c8c 1040->1042 1043 7ff689cb6c61-7ff689cb6c65 1040->1043 1041->1017 1044 7ff689cb6d30 1042->1044 1045 7ff689cb6c92-7ff689cb6c96 1042->1045 1043->1042 1047 7ff689cb6c67-7ff689cb6c7c 1043->1047 1044->1017 1045->1044 1048 7ff689cb6c9c-7ff689cb6ce1 CloseHandle CreateFileW 1045->1048 1047->1042 1050 7ff689cb6ce3-7ff689cb6d11 GetLastError call 7ff689ca4e7c call 7ff689ca8660 1048->1050 1051 7ff689cb6d16-7ff689cb6d2b 1048->1051 1050->1051 1051->1044
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1617910340-0
                                                                                                                                                                                            • Opcode ID: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                            • Instruction ID: 2d3fcb1c222e54a0d211b8afeaeeb7498f8f545f9a1a9d399768d579cd42233d
                                                                                                                                                                                            • Opcode Fuzzy Hash: baaa1bd2bfcf3e8d87424e6061cd652f961a4b3dae6ad7eaae94581ee29caa63
                                                                                                                                                                                            • Instruction Fuzzy Hash: 86C1AE32B28A45C6EB10CFA5D5906AC37B1FB89FA9B011239EA1E97794DF3AD455C300
                                                                                                                                                                                            Function 00007FF8A8337200 Relevance: 9.6, APIs: 4, Strings: 1, Instructions: 885librarymemoryloaderCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3928541684.00007FF8A8337000.00000080.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8270000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3928251133.00007FF8A8270000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8271000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F3000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A831D000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8328000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8333000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928565552.00007FF8A8338000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8270000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ProtectVirtual$AddressLibraryLoadProc
                                                                                                                                                                                            • String ID: TLS 1.1
                                                                                                                                                                                            • API String ID: 3300690313-2459780185
                                                                                                                                                                                            • Opcode ID: e9bd674313fd626e8b10bb5bd9aba1fc995f4c064e3db001b0372bd032c2116d
                                                                                                                                                                                            • Instruction ID: 118ba6826458f179b7baa30bad3b2ff20db752289446e9c93f9edbe973456b37
                                                                                                                                                                                            • Opcode Fuzzy Hash: e9bd674313fd626e8b10bb5bd9aba1fc995f4c064e3db001b0372bd032c2116d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2462472262999296E7298E38D4403BD76E0F7487C5F08513AEA9EC37C4EB7CEA45C714
                                                                                                                                                                                            Function 00007FF689C99280 Relevance: 3.0, APIs: 2, Instructions: 29COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Find$CloseFileFirst
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2295610775-0
                                                                                                                                                                                            • Opcode ID: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                            • Instruction ID: 4a80dff9b6ebea53b13f63888ba47d4c7037d6cae0e7be29717bdcbd6f8a64f2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3849ca1beccae91a12aeced599bc73bdbec409d6dd090ca7d2ec6d5d284a4285
                                                                                                                                                                                            • Instruction Fuzzy Hash: 81F06822A18741C6F7A08FA4F4997667770BF84B69F440339D96D42AD5DF3DD049CA04
                                                                                                                                                                                            Function 00007FF689C91950 Relevance: 22.9, APIs: 2, Strings: 11, Instructions: 184COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 657 7ff689c91950-7ff689c9198b call 7ff689c945c0 660 7ff689c91c4e-7ff689c91c72 call 7ff689c9c550 657->660 661 7ff689c91991-7ff689c919d1 call 7ff689c97f90 657->661 666 7ff689c919d7-7ff689c919e7 call 7ff689ca06d4 661->666 667 7ff689c91c3b-7ff689c91c3e call 7ff689ca004c 661->667 672 7ff689c91a08-7ff689c91a24 call 7ff689ca039c 666->672 673 7ff689c919e9-7ff689c91a03 call 7ff689ca4f08 call 7ff689c92910 666->673 671 7ff689c91c43-7ff689c91c4b 667->671 671->660 679 7ff689c91a45-7ff689c91a5a call 7ff689ca4f28 672->679 680 7ff689c91a26-7ff689c91a40 call 7ff689ca4f08 call 7ff689c92910 672->680 673->667 687 7ff689c91a7b-7ff689c91b05 call 7ff689c91c80 * 2 call 7ff689ca06d4 call 7ff689ca4f44 679->687 688 7ff689c91a5c-7ff689c91a76 call 7ff689ca4f08 call 7ff689c92910 679->688 680->667 701 7ff689c91b0a-7ff689c91b14 687->701 688->667 702 7ff689c91b35-7ff689c91b4e call 7ff689ca039c 701->702 703 7ff689c91b16-7ff689c91b30 call 7ff689ca4f08 call 7ff689c92910 701->703 708 7ff689c91b6f-7ff689c91b8b call 7ff689ca0110 702->708 709 7ff689c91b50-7ff689c91b6a call 7ff689ca4f08 call 7ff689c92910 702->709 703->667 717 7ff689c91b9e-7ff689c91bac 708->717 718 7ff689c91b8d-7ff689c91b99 call 7ff689c92710 708->718 709->667 717->667 719 7ff689c91bb2-7ff689c91bb9 717->719 718->667 722 7ff689c91bc1-7ff689c91bc7 719->722 724 7ff689c91be0-7ff689c91bef 722->724 725 7ff689c91bc9-7ff689c91bd6 722->725 724->724 726 7ff689c91bf1-7ff689c91bfa 724->726 725->726 727 7ff689c91c0f 726->727 728 7ff689c91bfc-7ff689c91bff 726->728 730 7ff689c91c11-7ff689c91c24 727->730 728->727 729 7ff689c91c01-7ff689c91c04 728->729 729->727 731 7ff689c91c06-7ff689c91c09 729->731 732 7ff689c91c26 730->732 733 7ff689c91c2d-7ff689c91c39 730->733 731->727 734 7ff689c91c0b-7ff689c91c0d 731->734 732->733 733->667 733->722 734->730
                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00007FF689C97F90: _fread_nolock.LIBCMT ref: 00007FF689C9803A
                                                                                                                                                                                            • _fread_nolock.LIBCMT ref: 00007FF689C91A1B
                                                                                                                                                                                              • Part of subcall function 00007FF689C92910: GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF689C91B6A), ref: 00007FF689C9295E
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _fread_nolock$CurrentProcess
                                                                                                                                                                                            • String ID: Could not allocate buffer for TOC!$Could not allocate memory for archive structure!$Could not read full TOC!$Error on file.$Failed to read cookie!$Failed to seek to cookie position!$MEI$calloc$fread$fseek$malloc
                                                                                                                                                                                            • API String ID: 2397952137-3497178890
                                                                                                                                                                                            • Opcode ID: 6a04d0c4c8a0b99f23b16d6d676f1581d6c74e17851155a383b4fbd0f348e88e
                                                                                                                                                                                            • Instruction ID: c1051d6d62697e956ceba031b3398f97d64782984481341b27353caf4d0fdd2b
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6a04d0c4c8a0b99f23b16d6d676f1581d6c74e17851155a383b4fbd0f348e88e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 63818F71B08686CAEB20DF14D4412B973B1BF84B8AF404439E98ED7B86DE3EE545C740
                                                                                                                                                                                            Function 00007FF689C92180 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 120COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: MoveWindow$ObjectSelect$DrawReleaseText
                                                                                                                                                                                            • String ID: P%
                                                                                                                                                                                            • API String ID: 2147705588-2959514604
                                                                                                                                                                                            • Opcode ID: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                            • Instruction ID: 2ccaf97f91c298483e3e7c6e1f7f6fa0fd3f7bb9963a56a796fde13d1ab81640
                                                                                                                                                                                            • Opcode Fuzzy Hash: 044398bc2faddcfc72e28419b1c607044beef288ba0900b5e0371f537bcab75f
                                                                                                                                                                                            • Instruction Fuzzy Hash: EC512826614BA1C6D6349F22E4181BABBB1FB98B66F004125EFCE83694DF3CD045DB10
                                                                                                                                                                                            Function 00007FF689C91470 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 107COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcess
                                                                                                                                                                                            • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                            • API String ID: 2050909247-3659356012
                                                                                                                                                                                            • Opcode ID: c2afc7824f5d06aeb7122b45ff3d71a08e21781222a796508b6c171953ba6000
                                                                                                                                                                                            • Instruction ID: 861b2d469a1eff139dec6cd2d2353b14cb6966396f80b9d17d8afe0e77e93184
                                                                                                                                                                                            • Opcode Fuzzy Hash: c2afc7824f5d06aeb7122b45ff3d71a08e21781222a796508b6c171953ba6000
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3F415E62B08642C6EA10DF21D4415B963B0BF84F9AF84453AED5D9BB96DE3EE501C704
                                                                                                                                                                                            Function 00007FF689C91210 Relevance: 12.4, APIs: 1, Strings: 6, Instructions: 158COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 1056 7ff689c91210-7ff689c9126d call 7ff689c9bd80 1059 7ff689c9126f-7ff689c91296 call 7ff689c92710 1056->1059 1060 7ff689c91297-7ff689c912af call 7ff689ca4f44 1056->1060 1065 7ff689c912b1-7ff689c912cf call 7ff689ca4f08 call 7ff689c92910 1060->1065 1066 7ff689c912d4-7ff689c912e4 call 7ff689ca4f44 1060->1066 1077 7ff689c91439-7ff689c9146d call 7ff689c9ba60 call 7ff689ca4f30 * 2 1065->1077 1071 7ff689c912e6-7ff689c91304 call 7ff689ca4f08 call 7ff689c92910 1066->1071 1072 7ff689c91309-7ff689c9131b 1066->1072 1071->1077 1076 7ff689c91320-7ff689c91345 call 7ff689ca039c 1072->1076 1085 7ff689c91431 1076->1085 1086 7ff689c9134b-7ff689c91355 call 7ff689ca0110 1076->1086 1085->1077 1086->1085 1091 7ff689c9135b-7ff689c91367 1086->1091 1094 7ff689c91370-7ff689c91398 call 7ff689c9a1c0 1091->1094 1097 7ff689c91416-7ff689c9142c call 7ff689c92710 1094->1097 1098 7ff689c9139a-7ff689c9139d 1094->1098 1097->1085 1099 7ff689c9139f-7ff689c913a9 1098->1099 1100 7ff689c91411 1098->1100 1102 7ff689c913d4-7ff689c913d7 1099->1102 1103 7ff689c913ab-7ff689c913b9 call 7ff689ca0adc 1099->1103 1100->1097 1105 7ff689c913d9-7ff689c913e7 call 7ff689cb9e30 1102->1105 1106 7ff689c913ea-7ff689c913ef 1102->1106 1108 7ff689c913be-7ff689c913c1 1103->1108 1105->1106 1106->1094 1107 7ff689c913f5-7ff689c913f8 1106->1107 1111 7ff689c913fa-7ff689c913fd 1107->1111 1112 7ff689c9140c-7ff689c9140f 1107->1112 1113 7ff689c913cf-7ff689c913d2 1108->1113 1114 7ff689c913c3-7ff689c913cd call 7ff689ca0110 1108->1114 1111->1097 1115 7ff689c913ff-7ff689c91407 1111->1115 1112->1085 1113->1097 1114->1106 1114->1113 1115->1076
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcess
                                                                                                                                                                                            • String ID: 1.3.1$Failed to extract %s: decompression resulted in return code %d!$Failed to extract %s: failed to allocate temporary input buffer!$Failed to extract %s: failed to allocate temporary output buffer!$Failed to extract %s: inflateInit() failed with return code %d!$malloc
                                                                                                                                                                                            • API String ID: 2050909247-2813020118
                                                                                                                                                                                            • Opcode ID: a2c136f2dc630e8bd9ba9f433a9a55eed43a6e2fd02c79a9c85d053d34a5d002
                                                                                                                                                                                            • Instruction ID: 54ce744a658e01ae1b7882bcee0c6b938787466849cb673e4794eff1f1c7eb51
                                                                                                                                                                                            • Opcode Fuzzy Hash: a2c136f2dc630e8bd9ba9f433a9a55eed43a6e2fd02c79a9c85d053d34a5d002
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6051C362B08682C5EA209F11E4513BA66B1BF85F9AF444139ED4ED7BD5EF3DE501C700
                                                                                                                                                                                            Function 00007FF689C936B0 Relevance: 12.3, APIs: 2, Strings: 5, Instructions: 61COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,00007FF689C93804), ref: 00007FF689C936E1
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C93804), ref: 00007FF689C936EB
                                                                                                                                                                                              • Part of subcall function 00007FF689C92C50: GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF689C93706,?,00007FF689C93804), ref: 00007FF689C92C9E
                                                                                                                                                                                              • Part of subcall function 00007FF689C92C50: FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF689C93706,?,00007FF689C93804), ref: 00007FF689C92D63
                                                                                                                                                                                              • Part of subcall function 00007FF689C92C50: MessageBoxW.USER32 ref: 00007FF689C92D99
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message$CurrentErrorFileFormatLastModuleNameProcess
                                                                                                                                                                                            • String ID: Failed to convert executable path to UTF-8.$Failed to obtain executable path.$Failed to resolve full path to executable %ls.$GetModuleFileNameW$\\?\
                                                                                                                                                                                            • API String ID: 3187769757-2863816727
                                                                                                                                                                                            • Opcode ID: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                            • Instruction ID: 0863a0aecb1b0cf34c35ba564adf7a1cb189b99cb69c6d2c6f2ff8adf9471135
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7a7bb6314ef99d1ea6b5a99dff4d55fbb7227be169d5ba9e119ffda366a0a745
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D215161B1C642D1FB609F25EC153BA6270BF88B5AF80423AE65DC65D6FF2EE604C740
                                                                                                                                                                                            Function 00007FF689CABA5C Relevance: 10.8, APIs: 7, Instructions: 290COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            • Executed
                                                                                                                                                                                            • Not Executed
                                                                                                                                                                                            control_flow_graph 1217 7ff689caba5c-7ff689caba82 1218 7ff689caba84-7ff689caba98 call 7ff689ca4ee8 call 7ff689ca4f08 1217->1218 1219 7ff689caba9d-7ff689cabaa1 1217->1219 1233 7ff689cabe8e 1218->1233 1220 7ff689cabe77-7ff689cabe83 call 7ff689ca4ee8 call 7ff689ca4f08 1219->1220 1221 7ff689cabaa7-7ff689cabaae 1219->1221 1240 7ff689cabe89 call 7ff689caa8e0 1220->1240 1221->1220 1223 7ff689cabab4-7ff689cabae2 1221->1223 1223->1220 1226 7ff689cabae8-7ff689cabaef 1223->1226 1229 7ff689cabaf1-7ff689cabb03 call 7ff689ca4ee8 call 7ff689ca4f08 1226->1229 1230 7ff689cabb08-7ff689cabb0b 1226->1230 1229->1240 1236 7ff689cabb11-7ff689cabb17 1230->1236 1237 7ff689cabe73-7ff689cabe75 1230->1237 1238 7ff689cabe91-7ff689cabea8 1233->1238 1236->1237 1241 7ff689cabb1d-7ff689cabb20 1236->1241 1237->1238 1240->1233 1241->1229 1244 7ff689cabb22-7ff689cabb47 1241->1244 1246 7ff689cabb49-7ff689cabb4b 1244->1246 1247 7ff689cabb7a-7ff689cabb81 1244->1247 1250 7ff689cabb72-7ff689cabb78 1246->1250 1251 7ff689cabb4d-7ff689cabb54 1246->1251 1248 7ff689cabb83-7ff689cabb8f call 7ff689cad5fc 1247->1248 1249 7ff689cabb56-7ff689cabb6d call 7ff689ca4ee8 call 7ff689ca4f08 call 7ff689caa8e0 1247->1249 1258 7ff689cabb94-7ff689cabbab call 7ff689caa948 * 2 1248->1258 1279 7ff689cabd00 1249->1279 1253 7ff689cabbf8-7ff689cabc0f 1250->1253 1251->1249 1251->1250 1256 7ff689cabc11-7ff689cabc19 1253->1256 1257 7ff689cabc8a-7ff689cabc94 call 7ff689cb391c 1253->1257 1256->1257 1261 7ff689cabc1b-7ff689cabc1d 1256->1261 1268 7ff689cabd1e 1257->1268 1269 7ff689cabc9a-7ff689cabcaf 1257->1269 1282 7ff689cabbc8-7ff689cabbf3 call 7ff689cac284 1258->1282 1283 7ff689cabbad-7ff689cabbc3 call 7ff689ca4f08 call 7ff689ca4ee8 1258->1283 1261->1257 1265 7ff689cabc1f-7ff689cabc35 1261->1265 1265->1257 1270 7ff689cabc37-7ff689cabc43 1265->1270 1272 7ff689cabd23-7ff689cabd43 ReadFile 1268->1272 1269->1268 1274 7ff689cabcb1-7ff689cabcc3 GetConsoleMode 1269->1274 1270->1257 1275 7ff689cabc45-7ff689cabc47 1270->1275 1277 7ff689cabd49-7ff689cabd51 1272->1277 1278 7ff689cabe3d-7ff689cabe46 GetLastError 1272->1278 1274->1268 1280 7ff689cabcc5-7ff689cabccd 1274->1280 1275->1257 1281 7ff689cabc49-7ff689cabc61 1275->1281 1277->1278 1285 7ff689cabd57 1277->1285 1288 7ff689cabe63-7ff689cabe66 1278->1288 1289 7ff689cabe48-7ff689cabe5e call 7ff689ca4f08 call 7ff689ca4ee8 1278->1289 1290 7ff689cabd03-7ff689cabd0d call 7ff689caa948 1279->1290 1280->1272 1287 7ff689cabccf-7ff689cabcf1 ReadConsoleW 1280->1287 1281->1257 1291 7ff689cabc63-7ff689cabc6f 1281->1291 1282->1253 1283->1279 1295 7ff689cabd5e-7ff689cabd73 1285->1295 1297 7ff689cabd12-7ff689cabd1c 1287->1297 1298 7ff689cabcf3 GetLastError 1287->1298 1292 7ff689cabcf9-7ff689cabcfb call 7ff689ca4e7c 1288->1292 1293 7ff689cabe6c-7ff689cabe6e 1288->1293 1289->1279 1290->1238 1291->1257 1301 7ff689cabc71-7ff689cabc73 1291->1301 1292->1279 1293->1290 1295->1290 1304 7ff689cabd75-7ff689cabd80 1295->1304 1297->1295 1298->1292 1301->1257 1302 7ff689cabc75-7ff689cabc85 1301->1302 1302->1257 1309 7ff689cabd82-7ff689cabd9b call 7ff689cab674 1304->1309 1310 7ff689cabda7-7ff689cabdaf 1304->1310 1317 7ff689cabda0-7ff689cabda2 1309->1317 1313 7ff689cabdb1-7ff689cabdc3 1310->1313 1314 7ff689cabe2b-7ff689cabe38 call 7ff689cab4b4 1310->1314 1318 7ff689cabe1e-7ff689cabe26 1313->1318 1319 7ff689cabdc5 1313->1319 1314->1317 1317->1290 1318->1290 1321 7ff689cabdca-7ff689cabdd1 1319->1321 1322 7ff689cabdd3-7ff689cabdd7 1321->1322 1323 7ff689cabe0d-7ff689cabe18 1321->1323 1324 7ff689cabdf3 1322->1324 1325 7ff689cabdd9-7ff689cabde0 1322->1325 1323->1318 1326 7ff689cabdf9-7ff689cabe09 1324->1326 1325->1324 1327 7ff689cabde2-7ff689cabde6 1325->1327 1326->1321 1329 7ff689cabe0b 1326->1329 1327->1324 1328 7ff689cabde8-7ff689cabdf1 1327->1328 1328->1326 1329->1318
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: fe76644ed600cf537c3c6f178a4f6dddc7bb94aee2e0e4a7e52e493d4ee37ba5
                                                                                                                                                                                            • Instruction ID: 3f72a22b849d9b6402793d72ff9babca6bf12c2ecc51c186332f9761ca7900c2
                                                                                                                                                                                            • Opcode Fuzzy Hash: fe76644ed600cf537c3c6f178a4f6dddc7bb94aee2e0e4a7e52e493d4ee37ba5
                                                                                                                                                                                            • Instruction Fuzzy Hash: CDC1BBA2A08A86D2F6608F15D4442BD7AF0FFC1F82F554139EA4EA3795CE7EE845C700
                                                                                                                                                                                            Function 00007FF689C96360 Relevance: 10.6, APIs: 1, Strings: 6, Instructions: 82COMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcess
                                                                                                                                                                                            • String ID: Failed to load Python DLL '%ls'.$LoadLibrary$Path of Python shared library (%s) and its name (%s) exceed buffer size (%d)$Path of ucrtbase.dll (%s) and its name exceed buffer size (%d)$Reported length (%d) of Python shared library name (%s) exceeds buffer size (%d)$ucrtbase.dll
                                                                                                                                                                                            • API String ID: 2050909247-2434346643
                                                                                                                                                                                            • Opcode ID: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
                                                                                                                                                                                            • Instruction ID: db53a5285447d9cb590124ba1cdc83ff2261a45368485c77b5ece5d4bcd87b41
                                                                                                                                                                                            • Opcode Fuzzy Hash: 111e0a7e53993944da2df5d9c96cd3a7cea32e86f931b773c4ccd6a62d35c348
                                                                                                                                                                                            • Instruction Fuzzy Hash: 29418E31A18A86D1EA21DF64E4542E96331FF54B89F80413AEA5C836D6EF3DE609C740
                                                                                                                                                                                            Function 00007FF689C92390 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: DeleteDestroyDialogHandleIconIndirectModuleObjectParam
                                                                                                                                                                                            • String ID: Unhandled exception in script
                                                                                                                                                                                            • API String ID: 3081866767-2699770090
                                                                                                                                                                                            • Opcode ID: 3b326f38696452fedce944a8216705a7f012b21920c96e855d1ab8eaac442c5d
                                                                                                                                                                                            • Instruction ID: 8ecaba3b89cb2bcf0a3bae13a32d45a57619dc230c60011988c472660b60d0e0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3b326f38696452fedce944a8216705a7f012b21920c96e855d1ab8eaac442c5d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 98311E72A1968189EB20DF61E8552F977B0FF89B89F440139EA4D87B59DF3DD105C700
                                                                                                                                                                                            Function 00007FF689CA5628 Relevance: 6.1, APIs: 4, Instructions: 90fileCOMMON
                                                                                                                                                                                            Download Yara Rule

                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseCreateFileHandle_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1279662727-0
                                                                                                                                                                                            • Opcode ID: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
                                                                                                                                                                                            • Instruction ID: 6b56fc4c4fd3b7f85aab10197497bf2601f6323841a0cdb4ae69cbeb3ea0e7bc
                                                                                                                                                                                            • Opcode Fuzzy Hash: b1746a8a916bbf96797ffba89da9809a683c49b2a7b1d8f7dd6efe5c63c8eb6a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E4182A2E28781C7E6508F20D51036D76B1FF94BA5F109339E65C93AD5DF7DA5A0C700
                                                                                                                                                                                            Function 00007FF689C920C0 Relevance: 6.1, APIs: 4, Instructions: 52COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: LongWindow$DialogInvalidateRect
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1956198572-0
                                                                                                                                                                                            • Opcode ID: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                            • Instruction ID: 4a29252a569944b6ed19eb1f2884884550b9054181af30b1039d09a01ce94a49
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3f66ec3ad31a24d6b03c6ecd933265a99c2c3f38e7b83c206d3886b5f9d1bb92
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E11A921B1C142C2FA549F6AE5442B9A671FF84F89F845038DB8947B99CE2ED8D5C600
                                                                                                                                                                                            Function 00007FF8A82714BF Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 243COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3928281921.00007FF8A8271000.00000040.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8270000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3928251133.00007FF8A8270000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F3000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A831D000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8328000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8333000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928541684.00007FF8A8337000.00000080.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928565552.00007FF8A8338000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8270000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem.c$state_machine
                                                                                                                                                                                            • API String ID: 1452528299-1722249466
                                                                                                                                                                                            • Opcode ID: fa1af6e95ef90c32761611ab3741ed222fae2e63033c217ccf4e575d4f6d4e5b
                                                                                                                                                                                            • Instruction ID: 54dbd2682472f9751880b68a9358c653bf0b8113a19eb761c7690b9fa29df581
                                                                                                                                                                                            • Opcode Fuzzy Hash: fa1af6e95ef90c32761611ab3741ed222fae2e63033c217ccf4e575d4f6d4e5b
                                                                                                                                                                                            • Instruction Fuzzy Hash: D5A1C1B6A0A642A2F7B4AF25C4403B92695EF40BC8F184431DA4D466CDDF7DE881C779
                                                                                                                                                                                            Function 00007FF8A82714EC Relevance: 4.7, APIs: 1, Strings: 2, Instructions: 206COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3928281921.00007FF8A8271000.00000040.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8270000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3928251133.00007FF8A8270000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F3000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A831D000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8328000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8333000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928541684.00007FF8A8337000.00000080.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928565552.00007FF8A8338000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8270000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                            • String ID: ..\s\ssl\record\rec_layer_s3.c$ssl3_read_n
                                                                                                                                                                                            • API String ID: 1452528299-4226281315
                                                                                                                                                                                            • Opcode ID: d94d605e0c3c7615078f9d1603b74134fba96d51f0d75133064dff5826735a27
                                                                                                                                                                                            • Instruction ID: 5a865291500c1dbc1bd2aa8da9a8bc082428f448ea56c299795779b45c9847ac
                                                                                                                                                                                            • Opcode Fuzzy Hash: d94d605e0c3c7615078f9d1603b74134fba96d51f0d75133064dff5826735a27
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5091A031A0BA82AAFB509F25D4487B926A1FF44FC8F584135DE4C07A9DDF78E845C328
                                                                                                                                                                                            Function 00007FF689C9CC3C Relevance: 4.6, APIs: 3, Instructions: 94COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_release_startup_lock
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3251591375-0
                                                                                                                                                                                            • Opcode ID: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                                                                                                                            • Instruction ID: 774d890bd184a8b295b71d5c67383b3d6a0dcaf2a33ffff1d51027d13ef3dd5e
                                                                                                                                                                                            • Opcode Fuzzy Hash: b3dd18574e8b698ea28c35ed35ed65a6730a16d6ac14c38d0a8ba428da0d66bc
                                                                                                                                                                                            • Instruction Fuzzy Hash: BF313D21E88147C5FA64AF64D8523B926B1BF81F8EF44543CE94ED76D3DE2FA804C211
                                                                                                                                                                                            Function 00007FF689CA013C Relevance: 3.2, APIs: 2, Instructions: 177COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                            • Instruction ID: 3fbf8f77e11e10e722a0e7db1abc9d62a592163bdc0bde74152d2fdb394569a0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2fd4b9cf4e2c203a215f80a0453bc9b94d2a0e119ef729a2f51343e3c0f92604
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5A51E9A1B0A241C6E764DE25D4006BA65F1BF86FE6F184738DE6EA37C5CE3ED401C600
                                                                                                                                                                                            Function 00007FF689CAC134 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFileLastPointer
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2976181284-0
                                                                                                                                                                                            • Opcode ID: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                                                                                                                            • Instruction ID: 7f652fb649ca2fc72aab7cea813a1c490e4697f9216543ecc642c7ef2d5bfa16
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7d52f85de62641260209e8dbb28c5e1251e01e8bf24b4306ce9dcd9badf2c9c6
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6A11BBA2708A8185DA208B25E810069B2B1BF95FF1F540339EA7D9B7E8CE3DD011C700
                                                                                                                                                                                            Function 00007FF689CAA948 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • RtlFreeHeap.NTDLL(?,?,?,00007FF689CB2D22,?,?,?,00007FF689CB2D5F,?,?,00000000,00007FF689CB3225,?,?,?,00007FF689CB3157), ref: 00007FF689CAA95E
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF689CB2D22,?,?,?,00007FF689CB2D5F,?,?,00000000,00007FF689CB3225,?,?,?,00007FF689CB3157), ref: 00007FF689CAA968
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFreeHeapLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 485612231-0
                                                                                                                                                                                            • Opcode ID: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
                                                                                                                                                                                            • Instruction ID: 892372e735fd71cb12666b43a5ed62f386bc6fe5f1f0fbbae9717962e0e7a4ec
                                                                                                                                                                                            • Opcode Fuzzy Hash: 46e6024f15a2f57ad5ff64688e0fe3cec5898f8577aba2f63b046adc8766ef53
                                                                                                                                                                                            • Instruction Fuzzy Hash: 33E04F90F09202C2FE086FB2E84513816B17FC8F83F440038C80DD2292EE2D6841C210
                                                                                                                                                                                            Function 00007FF689CAAB58 Relevance: 2.6, APIs: 2, Instructions: 59COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CloseHandle.KERNEL32(?,?,?,00007FF689CAA9D5,?,?,00000000,00007FF689CAAA8A), ref: 00007FF689CAABC6
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF689CAA9D5,?,?,00000000,00007FF689CAAA8A), ref: 00007FF689CAABD0
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CloseErrorHandleLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 918212764-0
                                                                                                                                                                                            • Opcode ID: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                                                                                                                            • Instruction ID: b450bdfa7be2bcd8df831db3def297281de45c5ac0685d56ab9633c6677d1c48
                                                                                                                                                                                            • Opcode Fuzzy Hash: ae1e15d82824e1a5fac1c7302ca2ff5641fe0b0e43db7728cd9339717749910c
                                                                                                                                                                                            • Instruction Fuzzy Hash: F42150B1B1868282FA949B51E45027926F3BF84FD6F04423DE92ED77D5CE6EA881C300
                                                                                                                                                                                            Function 00007FF689CABEAC Relevance: 1.6, APIs: 1, Instructions: 112COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                                                            • Instruction ID: e0f54e3ab8bf5b28eab8336733324e10e7e8b4091c35ee922357fedbead0344c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5a303e376ae32d58fd1e52f1ac99a64fdc1cf63549abbe0bdd4da132c2ec767e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6341B172908241C7EA648E29E9402797BF0FF95F82F141139E68ED36D1CF2EE402CB50
                                                                                                                                                                                            Function 00007FF8A82CEC4C Relevance: 1.6, APIs: 1, Instructions: 337COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3928281921.00007FF8A8271000.00000040.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8270000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3928251133.00007FF8A8270000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F3000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A831D000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8328000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8333000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928541684.00007FF8A8337000.00000080.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928565552.00007FF8A8338000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8270000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1452528299-0
                                                                                                                                                                                            • Opcode ID: aea56f64fe44ad7b0340a1766d39962d55ffaa5f78c982329402f1f7499899da
                                                                                                                                                                                            • Instruction ID: c8a7ade65302426cc6f2b4f85da92b3bb6c68657d2ae25f752d7f42e082b0ef4
                                                                                                                                                                                            • Opcode Fuzzy Hash: aea56f64fe44ad7b0340a1766d39962d55ffaa5f78c982329402f1f7499899da
                                                                                                                                                                                            • Instruction Fuzzy Hash: 9B3103B2A0A242AAF764AE25D44027D37E1EB40FC8F584431DF494368DDF7EE842C769
                                                                                                                                                                                            Function 00007FF689C97F90 Relevance: 1.6, APIs: 1, Instructions: 85COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _fread_nolock
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 840049012-0
                                                                                                                                                                                            • Opcode ID: 9e22266e3c47aced14be5afb961cee59e27499b19496fa422020829e1fedf6d0
                                                                                                                                                                                            • Instruction ID: 9ee80099daf9d719c76cbffc6aefc153b0c20dcba69f0e3de1f306cf84c85695
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9e22266e3c47aced14be5afb961cee59e27499b19496fa422020829e1fedf6d0
                                                                                                                                                                                            • Instruction Fuzzy Hash: AB218021B18652C6EA509F23E9043BA96B1BF45FD9FC86438EE0D97786CE7FE041C200
                                                                                                                                                                                            Function 00007FF689CAB93C Relevance: 1.6, APIs: 1, Instructions: 79COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
                                                                                                                                                                                            • Instruction ID: a705afd3f4464278e5f8213ac8471f2c411b022b6a522af1c67c48e2c5ab9b87
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0fe3e981c7cf3185d146a9a4244026f2f164e791e6f92d2a50fd94940550a020
                                                                                                                                                                                            • Instruction Fuzzy Hash: 36316DB2A18652C6E7116F66D84137C2AF0BF84FA2F41013DE91DA73D2DE7EA841C711
                                                                                                                                                                                            Function 00007FF689CA5F94 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                            • Instruction ID: b5d8e858a59f724bee502cf5e7f74f162905574bb7b6e826760efc753e3c7276
                                                                                                                                                                                            • Opcode Fuzzy Hash: d0ecc1d4814c8292f6d285d86e9f4332b8d7141ecd04c52723bb65a1ba9d936a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 48114FB1A1C681C2EA609F51D80017DA2F5BF85FC6F448439EA8CA7A96DF3FD400D740
                                                                                                                                                                                            Function 00007FF689CB6354 Relevance: 1.6, APIs: 1, Instructions: 54COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
                                                                                                                                                                                            • Instruction ID: 0125461a2462ae43a02442b260ab7e93cb2b40bc035d2553ae4522bab5670fc1
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3765a10cee1e255344ee37f065f4be71d58868c9c9e645b3056c9746d3493235
                                                                                                                                                                                            • Instruction Fuzzy Hash: 74215072A18A41C6EB618F18D54037976B0FF84FA6F544238E65D876D9DF3ED411CB00
                                                                                                                                                                                            Function 00007FF689CA03BC Relevance: 1.5, APIs: 1, Instructions: 48COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3215553584-0
                                                                                                                                                                                            • Opcode ID: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                            • Instruction ID: cf710ec3289ca87352305453495e04253d73b2e310afb88b4d5b69b1e22cbf54
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8e9754deeba93abb4745aa2efb451e77357aefa8fb0fbddb16feb6c8c90fdd62
                                                                                                                                                                                            • Instruction Fuzzy Hash: ED01C8A1A08745C1E504DF52D9000B9A6F1BF86FE1F484639DE5DA7BE6CE3DD401D710
                                                                                                                                                                                            Function 00007FF689C98E80 Relevance: 1.5, APIs: 1, Instructions: 19libraryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00007FF689C99390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF689C945F4,00000000,00007FF689C91985), ref: 00007FF689C993C9
                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,00007FF689C96476,?,00007FF689C9336E), ref: 00007FF689C98EA2
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ByteCharLibraryLoadMultiWide
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2592636585-0
                                                                                                                                                                                            • Opcode ID: 11a4aaaef8a7a10f6e0ce37232ac144c9e9b59754371ad75d1a790c2d21c933d
                                                                                                                                                                                            • Instruction ID: cafcf7d7b7dcdf460f59ead02aad383983286c84cb48091de9ca339f70540b12
                                                                                                                                                                                            • Opcode Fuzzy Hash: 11a4aaaef8a7a10f6e0ce37232ac144c9e9b59754371ad75d1a790c2d21c933d
                                                                                                                                                                                            • Instruction Fuzzy Hash: 54D08C01F2424582EA84AB67BA466395272BF89FC0F889039EE1D43B4ADC3DD0418B00
                                                                                                                                                                                            Function 00007FF8A8271E01 Relevance: 1.3, APIs: 1, Instructions: 87COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3928281921.00007FF8A8271000.00000040.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8270000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3928251133.00007FF8A8270000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F3000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A831D000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8328000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8333000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928541684.00007FF8A8337000.00000080.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928565552.00007FF8A8338000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8270000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1452528299-0
                                                                                                                                                                                            • Opcode ID: 7996a06857c3f91e8426b2d630f3f6f22c05bb801b80ee25fc1232160325fa23
                                                                                                                                                                                            • Instruction ID: ef40e069093778b8cc067ca97880ac2e519bf2d8266d710064b7cf4f289d8743
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7996a06857c3f91e8426b2d630f3f6f22c05bb801b80ee25fc1232160325fa23
                                                                                                                                                                                            • Instruction Fuzzy Hash: FE31CBB2A0A242A6F764AE26D44027922D5EF40FC4F188431DF494768DDF39E882C769
                                                                                                                                                                                            Function 00007FF689CAD5FC Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • HeapAlloc.KERNEL32(?,?,?,00007FF689CA0C90,?,?,?,00007FF689CA22FA,?,?,?,?,?,00007FF689CA3AE9), ref: 00007FF689CAD63A
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AllocHeap
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4292702814-0
                                                                                                                                                                                            • Opcode ID: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                                                                                                                            • Instruction ID: 6e55bc7ff23c525e9272a6e4af54fa85fbb28137dee8b4549c74ca2447f09a97
                                                                                                                                                                                            • Opcode Fuzzy Hash: 510c613edcbd96140e332c46b5608733b20d975e117422ad796dc4540c81bb80
                                                                                                                                                                                            • Instruction Fuzzy Hash: CDF0DA90E19246C9FE545E61D9416B511F46F84FA3F080B38D92ED6AC2DD2EA480C610

                                                                                                                                                                                            Non-executed Functions

                                                                                                                                                                                            Function 00007FF689C989E0 Relevance: 70.3, APIs: 36, Strings: 4, Instructions: 257synchronizationwindowregistryCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message$ErrorLast$ObjectProcessSingleWait$CloseCreateHandlePeekWindow_invalid_parameter_noinfo$ByteCharClassCodeCommandConsoleCtrlCurrentDestroyDispatchExitFormatHandlerInfoLineMultiRegisterStartupTerminateTranslateWide
                                                                                                                                                                                            • String ID: CreateProcessW$Failed to create child process!$PyInstaller Onefile Hidden Window$PyInstallerOnefileHiddenWindow
                                                                                                                                                                                            • API String ID: 3832162212-3165540532
                                                                                                                                                                                            • Opcode ID: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
                                                                                                                                                                                            • Instruction ID: 31cc37e2faf46ab3d3a694efd42f42dff1710ab27f9370bb6c74aa854b401062
                                                                                                                                                                                            • Opcode Fuzzy Hash: 99838be411f58a84d89697932930ae4644c798f1dd42cd928399edbb9bf0e48e
                                                                                                                                                                                            • Instruction Fuzzy Hash: BCD17072A08A82C6EB108F75E8542AD3B74FF84F5AF400239DA5E93AA4DF3DD545C740
                                                                                                                                                                                            Function 00007FF8A7A4F450 Relevance: 20.0, APIs: 13, Instructions: 493COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927451345.00007FF8A7A01000.00000040.00000001.01000000.00000027.sdmp, Offset: 00007FF8A7A00000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927433893.00007FF8A7A00000.00000002.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7ACD000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927551241.00007FF8A7ACE000.00000080.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927569316.00007FF8A7AD0000.00000004.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7a00000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007$C6138$A2419
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2638009314-0
                                                                                                                                                                                            • Opcode ID: 4ad74d6352975525fef7d118f1126785598b34d2acfb356d2fdbc403612dc115
                                                                                                                                                                                            • Instruction ID: c6ff77c55cfed0f0b960e49b46add0bb9e8e6b9de0903229050a719d617080d3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4ad74d6352975525fef7d118f1126785598b34d2acfb356d2fdbc403612dc115
                                                                                                                                                                                            • Instruction Fuzzy Hash: AD22D232A16F85A6DA168F2895113BEB365FF557C4F199332EA8F27650EF3DF0429200
                                                                                                                                                                                            Function 00007FF8A7A4FF00 Relevance: 20.0, APIs: 13, Instructions: 493COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927451345.00007FF8A7A01000.00000040.00000001.01000000.00000027.sdmp, Offset: 00007FF8A7A00000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927433893.00007FF8A7A00000.00000002.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7ACD000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927551241.00007FF8A7ACE000.00000080.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927569316.00007FF8A7AD0000.00000004.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7a00000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007$C6138$A2419
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2638009314-0
                                                                                                                                                                                            • Opcode ID: 6aed54118feec531af873d9543ed006788bdddb699dcf0f01bbf85fdea2b84b3
                                                                                                                                                                                            • Instruction ID: 3248d04c97756b74d425256b7f66411660fb55c88229a777702f327ccc313432
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6aed54118feec531af873d9543ed006788bdddb699dcf0f01bbf85fdea2b84b3
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C229132B16F85A6D61A8F3491423BFA366FF597D4F159332DB8E26650EF3CE0429600
                                                                                                                                                                                            Function 00007FF8A7A47010 Relevance: 18.4, APIs: 12, Instructions: 450COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • 00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A7A4BE1A), ref: 00007FF8A7A47144
                                                                                                                                                                                            • 00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A7A4BE1A), ref: 00007FF8A7A471B0
                                                                                                                                                                                            • 00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A7A4BE1A), ref: 00007FF8A7A47209
                                                                                                                                                                                            • 00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A7A4BE1A), ref: 00007FF8A7A47274
                                                                                                                                                                                            • 00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A7A4BE1A), ref: 00007FF8A7A472DC
                                                                                                                                                                                            • 00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A7A4BE1A), ref: 00007FF8A7A47332
                                                                                                                                                                                            • 00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A7A4BE1A), ref: 00007FF8A7A473A4
                                                                                                                                                                                            • 00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A7A4BE1A), ref: 00007FF8A7A4740E
                                                                                                                                                                                            • 00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A7A4BE1A), ref: 00007FF8A7A47465
                                                                                                                                                                                            • 00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A7A4BE1A), ref: 00007FF8A7A474E4
                                                                                                                                                                                            • 00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A7A4BE1A), ref: 00007FF8A7A4754C
                                                                                                                                                                                            • 00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,00007FF8A7A4BE1A), ref: 00007FF8A7A475A2
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927451345.00007FF8A7A01000.00000040.00000001.01000000.00000027.sdmp, Offset: 00007FF8A7A00000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927433893.00007FF8A7A00000.00000002.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7ACD000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927551241.00007FF8A7ACE000.00000080.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927569316.00007FF8A7AD0000.00000004.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7a00000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007C6138
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2722774091-0
                                                                                                                                                                                            • Opcode ID: 9849245b78ca4eb92c5d8d99ab215348344db1bea5ddf0a16522947d471a4013
                                                                                                                                                                                            • Instruction ID: 57d4549c256f39a8ba48e95d84fe6f9055742aad5d455fea2ea177ae0ebd7afe
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9849245b78ca4eb92c5d8d99ab215348344db1bea5ddf0a16522947d471a4013
                                                                                                                                                                                            • Instruction Fuzzy Hash: C102B422F59E85AEE607CF7481023BEA366EF157D4F16C332E90F36654EB7974929200
                                                                                                                                                                                            Function 00007FF8A7603068 Relevance: 13.6, APIs: 9, Instructions: 72COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927195083.00007FF8A7601000.00000040.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A7600000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927176505.00007FF8A7600000.00000002.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A7662000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A76AE000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A76B2000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A76B7000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A770F000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A7714000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A7717000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927398298.00007FF8A7718000.00000080.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927416180.00007FF8A771A000.00000004.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7600000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007A2419ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3856421733-0
                                                                                                                                                                                            • Opcode ID: 14da1239b2aff37f2225a2b2eb9612ff8327347efab586c9ed8106aec9f5eecf
                                                                                                                                                                                            • Instruction ID: 6c1239d5e29a709e5d712f06682f3da5f8960c3d25b0b71d6f8f78431adc3d73
                                                                                                                                                                                            • Opcode Fuzzy Hash: 14da1239b2aff37f2225a2b2eb9612ff8327347efab586c9ed8106aec9f5eecf
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6631707260AB8199EB608F61E8507ED3374FB84785F44943ADA4E47B99EF3CC649C700
                                                                                                                                                                                            Function 00007FF689C983C0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 89fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FindFirstFileW.KERNEL32(?,00007FF689C98919,00007FF689C93F9D), ref: 00007FF689C9842B
                                                                                                                                                                                            • RemoveDirectoryW.KERNEL32(?,00007FF689C98919,00007FF689C93F9D), ref: 00007FF689C984AE
                                                                                                                                                                                            • DeleteFileW.KERNEL32(?,00007FF689C98919,00007FF689C93F9D), ref: 00007FF689C984CD
                                                                                                                                                                                            • FindNextFileW.KERNEL32(?,00007FF689C98919,00007FF689C93F9D), ref: 00007FF689C984DB
                                                                                                                                                                                            • FindClose.KERNEL32(?,00007FF689C98919,00007FF689C93F9D), ref: 00007FF689C984EC
                                                                                                                                                                                            • RemoveDirectoryW.KERNEL32(?,00007FF689C98919,00007FF689C93F9D), ref: 00007FF689C984F5
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileFind$DirectoryRemove$CloseDeleteFirstNext
                                                                                                                                                                                            • String ID: %s\*
                                                                                                                                                                                            • API String ID: 1057558799-766152087
                                                                                                                                                                                            • Opcode ID: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                                                            • Instruction ID: cdd38bf595d72c418602dabc0bfd2f6e667d826eff70c1ecad87738562ae56ad
                                                                                                                                                                                            • Opcode Fuzzy Hash: 9215641a051a597ab69d89bbe09b444c24fb25eba6eed844fe9e008ab190e420
                                                                                                                                                                                            • Instruction Fuzzy Hash: 22417321A0C942D5EA209F65E4542BA7370FF94F5AF80023AE99EC36D4EF3EE549C740
                                                                                                                                                                                            Function 00007FF8A7A476B0 Relevance: 10.8, APIs: 7, Instructions: 267COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927451345.00007FF8A7A01000.00000040.00000001.01000000.00000027.sdmp, Offset: 00007FF8A7A00000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927433893.00007FF8A7A00000.00000002.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7ACD000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927551241.00007FF8A7ACE000.00000080.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927569316.00007FF8A7AD0000.00000004.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7a00000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007$C6138$A2419
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2638009314-0
                                                                                                                                                                                            • Opcode ID: 2280084202c957317e2ddb1ec18dc6dfdd8b4049e1094c236acac9da9a2d9437
                                                                                                                                                                                            • Instruction ID: a4f04c222f1ddd7bbdbdc9ba67e701f62efed4ce2ab6065ade564ce12a636fcf
                                                                                                                                                                                            • Opcode Fuzzy Hash: 2280084202c957317e2ddb1ec18dc6dfdd8b4049e1094c236acac9da9a2d9437
                                                                                                                                                                                            • Instruction Fuzzy Hash: 28B12722E1AE9569E6078B3485023BEA316EF557D5F16C332E94F27784FF3DB0829200
                                                                                                                                                                                            Function 00007FF8A7A36F90 Relevance: 10.8, APIs: 5, Strings: 1, Instructions: 265COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927451345.00007FF8A7A01000.00000040.00000001.01000000.00000027.sdmp, Offset: 00007FF8A7A00000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927433893.00007FF8A7A00000.00000002.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7ACD000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927551241.00007FF8A7ACE000.00000080.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927569316.00007FF8A7AD0000.00000004.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7a00000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007$A2419C61203
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3549137889-2920267241
                                                                                                                                                                                            • Opcode ID: 18535fbcc1c3291b499e8e54c5bbcc61516be26d48224b1c5d4ab9802cf573ba
                                                                                                                                                                                            • Instruction ID: efee95a32b6a7329341ada37f4f8db567331057374fd9db77d232e8267b559a1
                                                                                                                                                                                            • Opcode Fuzzy Hash: 18535fbcc1c3291b499e8e54c5bbcc61516be26d48224b1c5d4ab9802cf573ba
                                                                                                                                                                                            • Instruction Fuzzy Hash: 12C13476619BC492D660CF16F8803AAB7A8F789BC4F544126EE8C47B58EF38D055DB00
                                                                                                                                                                                            Function 00007FF8A8272135 Relevance: 10.6, APIs: 7, Instructions: 73COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3928281921.00007FF8A8271000.00000040.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8270000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3928251133.00007FF8A8270000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F3000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A831D000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8328000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8333000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928541684.00007FF8A8337000.00000080.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928565552.00007FF8A8338000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8270000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3140674995-0
                                                                                                                                                                                            • Opcode ID: a32b81c2ff6dfccb19a9728fe67c5763d4d0aea259f9004b58da64eb6530d66a
                                                                                                                                                                                            • Instruction ID: 24cbf7ba5fb17eb3937388ef45b599a7296b83738e297725381b359dd95c9cae
                                                                                                                                                                                            • Opcode Fuzzy Hash: a32b81c2ff6dfccb19a9728fe67c5763d4d0aea259f9004b58da64eb6530d66a
                                                                                                                                                                                            • Instruction Fuzzy Hash: CB31967660AB81AAEB609F60E8403FD3364FB94794F444039DA4E47B98EF7CD548C728
                                                                                                                                                                                            Function 00007FF689C9D12C Relevance: 10.6, APIs: 7, Instructions: 71COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3140674995-0
                                                                                                                                                                                            • Opcode ID: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                                                                                                                            • Instruction ID: 5a0d87fd688d6d674554487182397f23cd29f0e5fee8f54979f9a218d8979c18
                                                                                                                                                                                            • Opcode Fuzzy Hash: 357b26123f7cc0566be18cabbec560c6351d8abd4e8582c9dfa9d4018571b442
                                                                                                                                                                                            • Instruction Fuzzy Hash: D7312172608B85C6EB648F60E8403ED7774FB84B49F44403ADA4E97B96DF39D548C710
                                                                                                                                                                                            Function 00007FF689CB5C00 Relevance: 9.3, APIs: 6, Instructions: 334timeCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF689CB5C45
                                                                                                                                                                                              • Part of subcall function 00007FF689CB5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF689CB55AC
                                                                                                                                                                                              • Part of subcall function 00007FF689CAA948: RtlFreeHeap.NTDLL(?,?,?,00007FF689CB2D22,?,?,?,00007FF689CB2D5F,?,?,00000000,00007FF689CB3225,?,?,?,00007FF689CB3157), ref: 00007FF689CAA95E
                                                                                                                                                                                              • Part of subcall function 00007FF689CAA948: GetLastError.KERNEL32(?,?,?,00007FF689CB2D22,?,?,?,00007FF689CB2D5F,?,?,00000000,00007FF689CB3225,?,?,?,00007FF689CB3157), ref: 00007FF689CAA968
                                                                                                                                                                                              • Part of subcall function 00007FF689CAA900: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF689CAA8DF,?,?,?,?,?,00007FF689CAA7CA), ref: 00007FF689CAA909
                                                                                                                                                                                              • Part of subcall function 00007FF689CAA900: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF689CAA8DF,?,?,?,?,?,00007FF689CAA7CA), ref: 00007FF689CAA92E
                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF689CB5C34
                                                                                                                                                                                              • Part of subcall function 00007FF689CB55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF689CB560C
                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF689CB5EAA
                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF689CB5EBB
                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF689CB5ECC
                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF689CB610C), ref: 00007FF689CB5EF3
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4070488512-0
                                                                                                                                                                                            • Opcode ID: 677ea417f3249c8bdb60afb6413c0575e0f743ff33606516b420b369f71394b1
                                                                                                                                                                                            • Instruction ID: f4df78c9c76a998611ad313fcc3a1a6d364d3dee8165a481c9316bfccf6bfeca
                                                                                                                                                                                            • Opcode Fuzzy Hash: 677ea417f3249c8bdb60afb6413c0575e0f743ff33606516b420b369f71394b1
                                                                                                                                                                                            • Instruction Fuzzy Hash: EFD1B022A18292C6EB209F22D5411B977B1FF98F96F448139EA4DC7696DF3EE841C740
                                                                                                                                                                                            Function 00007FF8A7A2F620 Relevance: 9.2, APIs: 6, Instructions: 245COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927451345.00007FF8A7A01000.00000040.00000001.01000000.00000027.sdmp, Offset: 00007FF8A7A00000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927433893.00007FF8A7A00000.00000002.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7ACD000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927551241.00007FF8A7ACE000.00000080.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927569316.00007FF8A7AD0000.00000004.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7a00000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007$A2419$C6138
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3559315223-0
                                                                                                                                                                                            • Opcode ID: 4d5f8cb658c489e435210d4949c78672a3c0ff4360f256d3127a63e6ec7d7eb5
                                                                                                                                                                                            • Instruction ID: 743c235f216238ac8e81d90c20dbe87567ebb67689e91180d69eb8f33b005907
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4d5f8cb658c489e435210d4949c78672a3c0ff4360f256d3127a63e6ec7d7eb5
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1FA1F622A09FC5A5D7128F25A4017AEB765EF56BC4F044232EA4E27665EF3CF0469B40
                                                                                                                                                                                            Function 00007FF8A7A30F00 Relevance: 9.2, APIs: 6, Instructions: 239COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927451345.00007FF8A7A01000.00000040.00000001.01000000.00000027.sdmp, Offset: 00007FF8A7A00000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927433893.00007FF8A7A00000.00000002.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7ACD000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927551241.00007FF8A7ACE000.00000080.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927569316.00007FF8A7AD0000.00000004.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7a00000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007$A2419$C6138
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3559315223-0
                                                                                                                                                                                            • Opcode ID: bead9de0f35735378f23ea55d365871010558179f8230bb8be135924470135c2
                                                                                                                                                                                            • Instruction ID: ec52334722e4d5e53cfe87444a9265936dd04a712942f1dcc6fb9b643abe0be5
                                                                                                                                                                                            • Opcode Fuzzy Hash: bead9de0f35735378f23ea55d365871010558179f8230bb8be135924470135c2
                                                                                                                                                                                            • Instruction Fuzzy Hash: 70A1F526A19FC5A9E6128F64A4027AEB765FF967C4F048332DA4E27655EF3CF042D700
                                                                                                                                                                                            Function 00007FF8A7A32750 Relevance: 9.2, APIs: 6, Instructions: 239COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927451345.00007FF8A7A01000.00000040.00000001.01000000.00000027.sdmp, Offset: 00007FF8A7A00000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927433893.00007FF8A7A00000.00000002.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7ACD000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927551241.00007FF8A7ACE000.00000080.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927569316.00007FF8A7AD0000.00000004.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7a00000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007$A2419$C6138
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3559315223-0
                                                                                                                                                                                            • Opcode ID: ae739e9c8768b61d34a53e8380dbf225ba3c88fc2270ed3bf18cf53171ac132b
                                                                                                                                                                                            • Instruction ID: b9a80ab6d778600c9b569eb8f02b13403ecc3bba28f51fe20346b1252fd0d296
                                                                                                                                                                                            • Opcode Fuzzy Hash: ae739e9c8768b61d34a53e8380dbf225ba3c88fc2270ed3bf18cf53171ac132b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 70A12822E19BC5A9D6128F65A4023AEB765FF567C0F048232DA5F27694EF3CF042D704
                                                                                                                                                                                            Function 00007FF689CAA614 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1239891234-0
                                                                                                                                                                                            • Opcode ID: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                                                                                                                            • Instruction ID: e326e65d153ce9fb5a80dda053e3152fc9ea7fa027531a121acc0e2f7f155396
                                                                                                                                                                                            • Opcode Fuzzy Hash: ae2d74aaff6e8c1310ec24f87c3395aa5518f909cdba62f6f822c67f0a9cc142
                                                                                                                                                                                            • Instruction Fuzzy Hash: 59315E36608B81CADB608F25E8402AE77B4FF88B99F540139EA9D83B59DF3DC545CB00
                                                                                                                                                                                            Function 00007FF8A8271CC1 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 292COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3928281921.00007FF8A8271000.00000040.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8270000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3928251133.00007FF8A8270000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F3000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A831D000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8328000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8333000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928541684.00007FF8A8337000.00000080.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928565552.00007FF8A8338000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8270000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: ..\s\ssl\statem\statem_srvr.c$construct_stateful_ticket$resumption$tls_construct_new_session_ticket
                                                                                                                                                                                            • API String ID: 0-1194634662
                                                                                                                                                                                            • Opcode ID: 72ef1a0d099f6e64caee48e151b3fdafe4a252f0948802915178ad43b1f83a31
                                                                                                                                                                                            • Instruction ID: bad7e17023ecd56889959b277ccaca329d89985efa61c72e5779abb2d0004fc1
                                                                                                                                                                                            • Opcode Fuzzy Hash: 72ef1a0d099f6e64caee48e151b3fdafe4a252f0948802915178ad43b1f83a31
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0CD18232A1A682A2EB50DB65D8407F96B60EF85BC4F480036DE8C47799EF7DE541C728
                                                                                                                                                                                            Function 00007FF8A7A2E0E0 Relevance: 7.9, APIs: 5, Instructions: 359COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • 00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FF8A7A2E391
                                                                                                                                                                                            • 00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FF8A7A2E415
                                                                                                                                                                                            • 00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FF8A7A2E5A1
                                                                                                                                                                                            • 00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FF8A7A2E600
                                                                                                                                                                                            • 00007FF8C6138E00.API-MS-WIN-CRT-MATH-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000100,?), ref: 00007FF8A7A2E650
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927451345.00007FF8A7A01000.00000040.00000001.01000000.00000027.sdmp, Offset: 00007FF8A7A00000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927433893.00007FF8A7A00000.00000002.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7ACD000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927551241.00007FF8A7ACE000.00000080.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927569316.00007FF8A7AD0000.00000004.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7a00000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007C6138
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2722774091-0
                                                                                                                                                                                            • Opcode ID: a405a8573ef0059d34fbf0adc7b897dd3450eafbcd56fe8aba266c0f98d92266
                                                                                                                                                                                            • Instruction ID: 1cc4a013da5efbb25f587fd66c33745e2ebac875e35f39e04d9c53bf75c5fe7d
                                                                                                                                                                                            • Opcode Fuzzy Hash: a405a8573ef0059d34fbf0adc7b897dd3450eafbcd56fe8aba266c0f98d92266
                                                                                                                                                                                            • Instruction Fuzzy Hash: 21E11631F19E856AE71B8B3890067BDA35AEF957D4F149331D94F22764FB38B0C29A40
                                                                                                                                                                                            Function 00007FF689CB1874 Relevance: 7.8, APIs: 5, Instructions: 282COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileFindFirst_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2227656907-0
                                                                                                                                                                                            • Opcode ID: 471de8175ffa50438b20796c5ba06e190623de8bcba55c14971da5e7bf2bc1ae
                                                                                                                                                                                            • Instruction ID: 7c95b0acc83b6ecadf691551a808a30cbbf0563ce4e1fb2a1290e8064548cd6a
                                                                                                                                                                                            • Opcode Fuzzy Hash: 471de8175ffa50438b20796c5ba06e190623de8bcba55c14971da5e7bf2bc1ae
                                                                                                                                                                                            • Instruction Fuzzy Hash: 34B1C062B18692C1EA609F22D4102B973B1FF44FE6F445139EA5D97BC9EE3EE541C300
                                                                                                                                                                                            Function 00007FF8A8271EE7 Relevance: 7.5, APIs: 1, Strings: 3, Instructions: 461COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3928281921.00007FF8A8271000.00000040.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8270000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3928251133.00007FF8A8270000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F3000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A831D000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8328000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8333000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928541684.00007FF8A8337000.00000080.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928565552.00007FF8A8338000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8270000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007C61208
                                                                                                                                                                                            • String ID: ..\s\ssl\statem\extensions_srvr.c$D:\a\1\s\include\internal/packet.h$tls_parse_ctos_psk
                                                                                                                                                                                            • API String ID: 3535234312-3130753023
                                                                                                                                                                                            • Opcode ID: bb724076062f272585b580d73b7977494b0d4d745f159f4f9cf574436709696b
                                                                                                                                                                                            • Instruction ID: 16924ec463eb586b45dcfa9efd2212fa8f67087f11f222e57df9cd115b3256e3
                                                                                                                                                                                            • Opcode Fuzzy Hash: bb724076062f272585b580d73b7977494b0d4d745f159f4f9cf574436709696b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4712E6A2A1AA82A1F7609B65D4442BE6BA1FFC07C4F044036EE4D47B9DDF7CE541C728
                                                                                                                                                                                            Function 00007FF8A7A47AF0 Relevance: 6.2, APIs: 4, Instructions: 169COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927451345.00007FF8A7A01000.00000040.00000001.01000000.00000027.sdmp, Offset: 00007FF8A7A00000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927433893.00007FF8A7A00000.00000002.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7ACD000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927551241.00007FF8A7ACE000.00000080.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927569316.00007FF8A7AD0000.00000004.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7a00000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007$C6138$A2419
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2638009314-0
                                                                                                                                                                                            • Opcode ID: 356486f7cd09bba83d452288d2f2bf37ab3cbbea5aa855d9c4ad7cdf557bac0d
                                                                                                                                                                                            • Instruction ID: 74025a334124ff0796374238335d082edc788ad36cdb753ad33b62fd969327ab
                                                                                                                                                                                            • Opcode Fuzzy Hash: 356486f7cd09bba83d452288d2f2bf37ab3cbbea5aa855d9c4ad7cdf557bac0d
                                                                                                                                                                                            • Instruction Fuzzy Hash: E961F752F1AEC569E9278A3491033BEA356EF657D4F15C332DA4F36644FF2EB0429500
                                                                                                                                                                                            Function 00007FF8A7A40650 Relevance: 6.2, APIs: 4, Instructions: 160COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927451345.00007FF8A7A01000.00000040.00000001.01000000.00000027.sdmp, Offset: 00007FF8A7A00000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927433893.00007FF8A7A00000.00000002.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7ACD000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927551241.00007FF8A7ACE000.00000080.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927569316.00007FF8A7AD0000.00000004.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7a00000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007$C6138$A2419
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2638009314-0
                                                                                                                                                                                            • Opcode ID: 5b56463fd863cf154fbcd706ef899aa10349edf28a230e844891e3160064b196
                                                                                                                                                                                            • Instruction ID: 06a7e45ef5f2ae5fa75a5913bede648fa339a0662e975216e21f223ac4d4e9c2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5b56463fd863cf154fbcd706ef899aa10349edf28a230e844891e3160064b196
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4C512721F19E4479E5078A38420237FE256EFA57D5E16D332E94F32A55EF2EB0836900
                                                                                                                                                                                            Function 00007FF689CB5E7C Relevance: 6.1, APIs: 4, Instructions: 143timeCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF689CB5EAA
                                                                                                                                                                                              • Part of subcall function 00007FF689CB55F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF689CB560C
                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF689CB5EBB
                                                                                                                                                                                              • Part of subcall function 00007FF689CB5598: _invalid_parameter_noinfo.LIBCMT ref: 00007FF689CB55AC
                                                                                                                                                                                            • _get_daylight.LIBCMT ref: 00007FF689CB5ECC
                                                                                                                                                                                              • Part of subcall function 00007FF689CB55C8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF689CB55DC
                                                                                                                                                                                              • Part of subcall function 00007FF689CAA948: RtlFreeHeap.NTDLL(?,?,?,00007FF689CB2D22,?,?,?,00007FF689CB2D5F,?,?,00000000,00007FF689CB3225,?,?,?,00007FF689CB3157), ref: 00007FF689CAA95E
                                                                                                                                                                                              • Part of subcall function 00007FF689CAA948: GetLastError.KERNEL32(?,?,?,00007FF689CB2D22,?,?,?,00007FF689CB2D5F,?,?,00000000,00007FF689CB3225,?,?,?,00007FF689CB3157), ref: 00007FF689CAA968
                                                                                                                                                                                            • GetTimeZoneInformation.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,00007FF689CB610C), ref: 00007FF689CB5EF3
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3458911817-0
                                                                                                                                                                                            • Opcode ID: 179af59534a267e8b56f66eebf2dbf2058aebcf107c16e98e161f461d30bd41f
                                                                                                                                                                                            • Instruction ID: b59fd2980b16bc7c9df650924b308edda85714a50615d6927dd231a4f928876c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 179af59534a267e8b56f66eebf2dbf2058aebcf107c16e98e161f461d30bd41f
                                                                                                                                                                                            • Instruction Fuzzy Hash: E1514E32A08682C6E710DF22E9815A9B771BF98B8AF44513DEA4DC7796DF3EE441C740
                                                                                                                                                                                            Function 00007FF689C95830 Relevance: 229.6, APIs: 86, Strings: 45, Instructions: 400libraryloaderCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C95840
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C95852
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C95889
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C9589B
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C958B4
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C958C6
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C958DF
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C958F1
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C9590D
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C9591F
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C9593B
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C9594D
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C95969
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C9597B
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C95997
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C959A9
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C959C5
                                                                                                                                                                                            • GetLastError.KERNEL32(?,00007FF689C964CF,?,00007FF689C9336E), ref: 00007FF689C959D7
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressErrorLastProc
                                                                                                                                                                                            • String ID: Failed to get address for %hs$GetProcAddress$PyConfig_Clear$PyConfig_InitIsolatedConfig$PyConfig_Read$PyConfig_SetBytesString$PyConfig_SetString$PyConfig_SetWideStringList$PyErr_Clear$PyErr_Fetch$PyErr_NormalizeException$PyErr_Occurred$PyErr_Print$PyErr_Restore$PyEval_EvalCode$PyImport_AddModule$PyImport_ExecCodeModule$PyImport_ImportModule$PyMarshal_ReadObjectFromString$PyMem_RawFree$PyModule_GetDict$PyObject_CallFunction$PyObject_CallFunctionObjArgs$PyObject_GetAttrString$PyObject_SetAttrString$PyObject_Str$PyPreConfig_InitIsolatedConfig$PyRun_SimpleStringFlags$PyStatus_Exception$PySys_GetObject$PySys_SetObject$PyUnicode_AsUTF8$PyUnicode_Decode$PyUnicode_DecodeFSDefault$PyUnicode_FromFormat$PyUnicode_FromString$PyUnicode_Join$PyUnicode_Replace$Py_DecRef$Py_DecodeLocale$Py_ExitStatusException$Py_Finalize$Py_InitializeFromConfig$Py_IsInitialized$Py_PreInitialize
                                                                                                                                                                                            • API String ID: 199729137-653951865
                                                                                                                                                                                            • Opcode ID: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                                                                                                                            • Instruction ID: 437edbb8a5f6133e4633eb7f1728bfa640da6d2cc066de4c25e8e14752fe2ade
                                                                                                                                                                                            • Opcode Fuzzy Hash: a72b1b0889ffc37889110ad0e4f068dcb4eb8b0bbe2e77bf2d8672c26fae6e03
                                                                                                                                                                                            • Instruction Fuzzy Hash: BA2290A4A8DB4BD2FA159F5AFC545B432B0BF45F8BB84143DC81E82264EF3EA549C310
                                                                                                                                                                                            Function 00007FF689C976C0 Relevance: 177.1, APIs: 66, Strings: 35, Instructions: 314libraryloaderCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressErrorLastProc
                                                                                                                                                                                            • String ID: Failed to get address for %hs$GetProcAddress$Tcl_Alloc$Tcl_ConditionFinalize$Tcl_ConditionNotify$Tcl_ConditionWait$Tcl_CreateInterp$Tcl_CreateObjCommand$Tcl_CreateThread$Tcl_DeleteInterp$Tcl_DoOneEvent$Tcl_EvalEx$Tcl_EvalFile$Tcl_EvalObjv$Tcl_Finalize$Tcl_FinalizeThread$Tcl_FindExecutable$Tcl_Free$Tcl_GetCurrentThread$Tcl_GetObjResult$Tcl_GetString$Tcl_GetVar2$Tcl_Init$Tcl_JoinThread$Tcl_MutexFinalize$Tcl_MutexLock$Tcl_MutexUnlock$Tcl_NewByteArrayObj$Tcl_NewStringObj$Tcl_SetVar2$Tcl_SetVar2Ex$Tcl_ThreadAlert$Tcl_ThreadQueueEvent$Tk_GetNumMainWindows$Tk_Init
                                                                                                                                                                                            • API String ID: 199729137-3427451314
                                                                                                                                                                                            • Opcode ID: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                                                                                                                            • Instruction ID: baf2a1d7ae0b5c6388df525c333536702a85860a0896486bf766a6fa120807cb
                                                                                                                                                                                            • Opcode Fuzzy Hash: 939c8a0ebf27c7f5789cd4a10996167767bc86255d761b2ba34a42bc6fc861e3
                                                                                                                                                                                            • Instruction Fuzzy Hash: 1902A3A4A4EB07D5EA199F55F8105B436B1BF48F4BF84103DD82E826A0EF3EB54AC310
                                                                                                                                                                                            Function 00007FF689C981D0 Relevance: 24.6, APIs: 6, Strings: 8, Instructions: 117COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00007FF689C99390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF689C945F4,00000000,00007FF689C91985), ref: 00007FF689C993C9
                                                                                                                                                                                            • ExpandEnvironmentStringsW.KERNEL32(?,00007FF689C986B7,?,?,00000000,00007FF689C93CBB), ref: 00007FF689C9822C
                                                                                                                                                                                              • Part of subcall function 00007FF689C92810: MessageBoxW.USER32 ref: 00007FF689C928EA
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ByteCharEnvironmentExpandMessageMultiStringsWide
                                                                                                                                                                                            • String ID: %.*s$CreateDirectory$LOADER: failed to convert runtime-tmpdir to a wide string.$LOADER: failed to create runtime-tmpdir path %ls!$LOADER: failed to expand environment variables in the runtime-tmpdir.$LOADER: failed to obtain the absolute path of the runtime-tmpdir.$LOADER: runtime-tmpdir points to non-existent drive %ls (type: %d)!$\
                                                                                                                                                                                            • API String ID: 1662231829-930877121
                                                                                                                                                                                            • Opcode ID: d247d3a0ca85f1815ed913d402e51827366718a31552b00c9fe28dde0a2555e6
                                                                                                                                                                                            • Instruction ID: fa047b5dd2f7120de066632d1fd754e4727c550c52d8f317564a6b48931f0153
                                                                                                                                                                                            • Opcode Fuzzy Hash: d247d3a0ca85f1815ed913d402e51827366718a31552b00c9fe28dde0a2555e6
                                                                                                                                                                                            • Instruction Fuzzy Hash: E0519551A2DA42C1FB509F26E8512BA62B0BF94F8AF44443DDA4EC76D6EF3EE504C740
                                                                                                                                                                                            Function 00007FF689C91600 Relevance: 22.9, APIs: 1, Strings: 12, Instructions: 145COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcess
                                                                                                                                                                                            • String ID: Failed to create symbolic link %s!$Failed to extract %s: failed to allocate temporary buffer!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to open target file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$Failed to extract %s: failed to write data chunk!$fopen$fread$fseek$fwrite$malloc
                                                                                                                                                                                            • API String ID: 2050909247-1550345328
                                                                                                                                                                                            • Opcode ID: 20836aa717346e1f413dc971208a7a659eec0961482fc92b636cdd33d733a4b6
                                                                                                                                                                                            • Instruction ID: 0739a06bb0babe45edafd82e389950207c21867a54b4958a585eff2028e89667
                                                                                                                                                                                            • Opcode Fuzzy Hash: 20836aa717346e1f413dc971208a7a659eec0961482fc92b636cdd33d733a4b6
                                                                                                                                                                                            • Instruction Fuzzy Hash: 50518D61B08643D2EA10AF51E8111B963B0BF84F9AF844539EE4D97BD6EF3EE655C300
                                                                                                                                                                                            Function 00007FF8A8285CA0 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 101COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3928281921.00007FF8A8271000.00000040.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8270000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3928251133.00007FF8A8270000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F3000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A831D000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8328000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8333000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928541684.00007FF8A8337000.00000080.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928565552.00007FF8A8338000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8270000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007C6126570
                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_ciph.c$ECDHE-ECDSA-AES128-GCM-SHA256$ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384$ECDHE-ECDSA-AES256-GCM-SHA384$SUITEB128$SUITEB128C2$SUITEB128ONLY$SUITEB192$check_suiteb_cipher_list
                                                                                                                                                                                            • API String ID: 800424832-1099454403
                                                                                                                                                                                            • Opcode ID: 4fb00667328cc24e5a01ced80a969a7b37fcff98c645767f26b4f54dc518abc7
                                                                                                                                                                                            • Instruction ID: ffa42e1ee5eb3660f1b5d01e5e0a3d653ce650845796701dc922535a21b7cd44
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4fb00667328cc24e5a01ced80a969a7b37fcff98c645767f26b4f54dc518abc7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3B418532A1AA02B6EB148F21D95037977A0EF487D4F544435EA0E8779DDF7CE560CB28
                                                                                                                                                                                            Function 00007FF689C980C0 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 67COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: LongWindow$BlockCreateErrorLastReasonShutdown
                                                                                                                                                                                            • String ID: Needs to remove its temporary files.
                                                                                                                                                                                            • API String ID: 3975851968-2863640275
                                                                                                                                                                                            • Opcode ID: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                                                                                                                            • Instruction ID: b7aacb4fe4ae18721572f801f717d586ace5caed9da30a9e39bb6b59e1cddd66
                                                                                                                                                                                            • Opcode Fuzzy Hash: fca9629812ae98fc4dea80e51924cd1fa5b6a95a0379263e815d251d6ca0a567
                                                                                                                                                                                            • Instruction Fuzzy Hash: 92217F21B08A82C2EB458F7AE8441797670FF88F9AF585239DA2DC33D8DE2DD591C210
                                                                                                                                                                                            Function 00007FF8A7602740 Relevance: 16.7, APIs: 11, Instructions: 230COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927195083.00007FF8A7601000.00000040.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A7600000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927176505.00007FF8A7600000.00000002.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A7662000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A76AE000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A76B2000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A76B7000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A770F000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A7714000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A7717000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927398298.00007FF8A7718000.00000080.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927416180.00007FF8A771A000.00000004.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7600000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Initialize__scrt_acquire_startup_lock__scrt_dllmain_after_initialize_c__scrt_dllmain_crt_thread_attach__scrt_initialize_crt__scrt_release_startup_lock
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 349153199-0
                                                                                                                                                                                            • Opcode ID: ba629577db6599826cb9fb44cf19b8c727e776d8ab71a1e0ce86f35fe3adb7c8
                                                                                                                                                                                            • Instruction ID: 3587f56f49b6aa28c7d923a6774dd8a51d8d764e30f06307721116a9f8cb4a79
                                                                                                                                                                                            • Opcode Fuzzy Hash: ba629577db6599826cb9fb44cf19b8c727e776d8ab71a1e0ce86f35fe3adb7c8
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5281A021E0A243AAFE549F66944537D26A4FF857C0F54E035D90C837A6DF3CE947A708
                                                                                                                                                                                            Function 00007FF689CA6290 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 494COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: -$:$f$p$p
                                                                                                                                                                                            • API String ID: 3215553584-2013873522
                                                                                                                                                                                            • Opcode ID: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                            • Instruction ID: bf47fc37fc99b1c2829b2954107205336d7a45f973d26db7837d63566687fd12
                                                                                                                                                                                            • Opcode Fuzzy Hash: 75ce3dd5e90789a751ac91fed3db50e3550f512a2f4dec46f6fb30c565ad9a60
                                                                                                                                                                                            • Instruction Fuzzy Hash: 611290A2E08243C6FB209E25D2546B976F1FF50F56F844139F689A66C4DF3EE980CB14
                                                                                                                                                                                            Function 00007FF689CA0FC8 Relevance: 14.5, APIs: 3, Strings: 5, Instructions: 475COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: f$f$p$p$f
                                                                                                                                                                                            • API String ID: 3215553584-1325933183
                                                                                                                                                                                            • Opcode ID: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                            • Instruction ID: 3b8942f915bd9ef882bfacf70dc4415024721c8cc4f329af52f35deaab6d5a83
                                                                                                                                                                                            • Opcode Fuzzy Hash: efdc55b57c7b5823aa39a5abe82f144bbffe385c3037011f7a836833ec2ff017
                                                                                                                                                                                            • Instruction Fuzzy Hash: 841284A2F0D143C6FB205E14E4546BA76F2FF50B56F884039D69AA69C4DF7EE480CB14
                                                                                                                                                                                            Function 00007FF689C91050 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 119COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcess
                                                                                                                                                                                            • String ID: Failed to extract %s: failed to allocate data buffer (%u bytes)!$Failed to extract %s: failed to open archive file!$Failed to extract %s: failed to read data chunk!$Failed to extract %s: failed to seek to the entry's data!$fread$fseek$malloc
                                                                                                                                                                                            • API String ID: 2050909247-3659356012
                                                                                                                                                                                            • Opcode ID: bd5291f079a3520960b34890a602477b76cc7094dd7e1ff34f1f87f4f2e3f9f0
                                                                                                                                                                                            • Instruction ID: 6038e6fef1b8f354aa17f708f137e34c8a881f68763a8763ff4fc8039e5ead33
                                                                                                                                                                                            • Opcode Fuzzy Hash: bd5291f079a3520960b34890a602477b76cc7094dd7e1ff34f1f87f4f2e3f9f0
                                                                                                                                                                                            • Instruction Fuzzy Hash: 84419E62B08652D2EA10DF12E8016BA67B4BF84FCAF84443AED4D97796DE3EE501C740
                                                                                                                                                                                            Function 00007FF689C98660 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 116COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetTempPathW.KERNEL32(?,?,00000000,00007FF689C93CBB), ref: 00007FF689C98704
                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,00000000,00007FF689C93CBB), ref: 00007FF689C9870A
                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(?,00000000,00007FF689C93CBB), ref: 00007FF689C9874C
                                                                                                                                                                                              • Part of subcall function 00007FF689C98830: GetEnvironmentVariableW.KERNEL32(00007FF689C9388E), ref: 00007FF689C98867
                                                                                                                                                                                              • Part of subcall function 00007FF689C98830: ExpandEnvironmentStringsW.KERNEL32 ref: 00007FF689C98889
                                                                                                                                                                                              • Part of subcall function 00007FF689CA8238: _invalid_parameter_noinfo.LIBCMT ref: 00007FF689CA8251
                                                                                                                                                                                              • Part of subcall function 00007FF689C92810: MessageBoxW.USER32 ref: 00007FF689C928EA
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Environment$CreateCurrentDirectoryExpandMessagePathProcessStringsTempVariable_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: LOADER: failed to set the TMP environment variable.$LOADER: length of teporary directory path exceeds maximum path length!$TMP$TMP$_MEI%d
                                                                                                                                                                                            • API String ID: 3563477958-1339014028
                                                                                                                                                                                            • Opcode ID: 881e4fca8e19ec4ab2ebb52834f4ac375ff8f2bae867f31c8bf391ae1f14406c
                                                                                                                                                                                            • Instruction ID: e31f7519bff0fb06f7c017b048b726eb7362d6ce672922e51c69910f6fe41e05
                                                                                                                                                                                            • Opcode Fuzzy Hash: 881e4fca8e19ec4ab2ebb52834f4ac375ff8f2bae867f31c8bf391ae1f14406c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 4341A151A19642C5FA14EF22E8552BA22B1BF85FCAF804139ED0DD77DADE3EE501C340
                                                                                                                                                                                            Function 00007FF689C9EA08 Relevance: 12.6, APIs: 4, Strings: 3, Instructions: 310COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                                                                                                                                                                                            • String ID: csm$csm$csm
                                                                                                                                                                                            • API String ID: 849930591-393685449
                                                                                                                                                                                            • Opcode ID: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
                                                                                                                                                                                            • Instruction ID: 0639849ea7426e71f69d57032b848445fa385ba4f0930637f1107e4e200998bd
                                                                                                                                                                                            • Opcode Fuzzy Hash: aab7c7e636ea8a2572919ef13f94062ff4905efd63cd4babadd9079b892b9703
                                                                                                                                                                                            • Instruction Fuzzy Hash: 60D15D32A08641CAEB209F65D4403AD77B0FF55B8DF100139EA8D97B9ADF3AE4A1C741
                                                                                                                                                                                            Function 00007FF689CAED10 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00007FF689CAF0AA,?,?,0000024D26BEA7D8,00007FF689CAAD53,?,?,?,00007FF689CAAC4A,?,?,?,00007FF689CA5F3E), ref: 00007FF689CAEE8C
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FF689CAF0AA,?,?,0000024D26BEA7D8,00007FF689CAAD53,?,?,?,00007FF689CAAC4A,?,?,?,00007FF689CA5F3E), ref: 00007FF689CAEE98
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressFreeLibraryProc
                                                                                                                                                                                            • String ID: api-ms-$ext-ms-
                                                                                                                                                                                            • API String ID: 3013587201-537541572
                                                                                                                                                                                            • Opcode ID: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                                                                                                                            • Instruction ID: bba0b414dfedb515f6233d7d37a93cce272fdd9c37f472d7b4316fb4a294510d
                                                                                                                                                                                            • Opcode Fuzzy Hash: 113d78e4ddfca44ef7199ea688f338981f8b4522c7c5ddaba00381c3941a83e2
                                                                                                                                                                                            • Instruction Fuzzy Hash: AD41ABA1B19A12C1EB159F16E80067926F1BF49FD2F88453DDD1DE7784EE3EE845C240
                                                                                                                                                                                            Function 00007FF689C92C50 Relevance: 12.4, APIs: 3, Strings: 4, Instructions: 104windowCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,?,?,?,?,?,?,?,00007FF689C93706,?,00007FF689C93804), ref: 00007FF689C92C9E
                                                                                                                                                                                            • FormatMessageW.KERNEL32(?,?,?,?,?,?,?,?,00007FF689C93706,?,00007FF689C93804), ref: 00007FF689C92D63
                                                                                                                                                                                            • MessageBoxW.USER32 ref: 00007FF689C92D99
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message$CurrentFormatProcess
                                                                                                                                                                                            • String ID: %ls: $<FormatMessageW failed.>$Error$[PYI-%d:ERROR]
                                                                                                                                                                                            • API String ID: 3940978338-251083826
                                                                                                                                                                                            • Opcode ID: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                                                                                                                            • Instruction ID: 06487f0a234fd38f6940efcaf88f634a9d24e0c383bac08102aa60d6bcd4ec11
                                                                                                                                                                                            • Opcode Fuzzy Hash: c67c27f58c2af476bbbd059d0433c12e6f67668a4e3ecf6e42cf1bc8669f0b6b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 8531C562708A4186E6209F25F8102AA76B5BF88F9AF410139EF8DD3B59DF3DD506C300
                                                                                                                                                                                            Function 00007FF8A8271497 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 306COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3928281921.00007FF8A8271000.00000040.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8270000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3928251133.00007FF8A8270000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F3000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A831D000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8328000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8333000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928541684.00007FF8A8337000.00000080.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928565552.00007FF8A8338000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8270000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: $..\s\ssl\statem\extensions_srvr.c$HMAC$SHA2-256$tls_construct_stoc_cookie
                                                                                                                                                                                            • API String ID: 0-1087561517
                                                                                                                                                                                            • Opcode ID: d743759746665b7db7d4fba4d59fd9459b03d2bc73fc4485894cad057df26e57
                                                                                                                                                                                            • Instruction ID: 62aff46e348bcd639e2586002c11f5fd5f79459c30478dbb55976b0fe0ccb014
                                                                                                                                                                                            • Opcode Fuzzy Hash: d743759746665b7db7d4fba4d59fd9459b03d2bc73fc4485894cad057df26e57
                                                                                                                                                                                            • Instruction Fuzzy Hash: 01D171A1B5AA43A1FB64AAA2D8553F91391EF807C4F445032DE4D47B8EEF7DE5018328
                                                                                                                                                                                            Function 00007FF8A82726F8 Relevance: 10.8, APIs: 2, Strings: 4, Instructions: 257COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3928281921.00007FF8A8271000.00000040.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8270000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3928251133.00007FF8A8270000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F3000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A831D000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8328000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8333000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928541684.00007FF8A8337000.00000080.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928565552.00007FF8A8338000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8270000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID:
                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_rsa.c$SERVERINFO FOR $SERVERINFOV2 FOR $SSL_CTX_use_serverinfo_file
                                                                                                                                                                                            • API String ID: 0-2528746747
                                                                                                                                                                                            • Opcode ID: 92d2cf77553a89aeada724268e9c45f3f77627d6a5c417c9fb6d9084dff02b7b
                                                                                                                                                                                            • Instruction ID: ae6aa290a88b4f3e8eabd98000e2ad979fa8d11401ebf12143d272dad77ea4e4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 92d2cf77553a89aeada724268e9c45f3f77627d6a5c417c9fb6d9084dff02b7b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 47B1B261B1AA42B6FB209BA1D8501FD3BA5EF807C4F444032ED4D47A9DEF3DE6458368
                                                                                                                                                                                            Function 00007FF689C9DCC8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF689C9DF7A,?,?,?,00007FF689C9DC6C,?,?,?,00007FF689C9D869), ref: 00007FF689C9DD4D
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF689C9DF7A,?,?,?,00007FF689C9DC6C,?,?,?,00007FF689C9D869), ref: 00007FF689C9DD5B
                                                                                                                                                                                            • LoadLibraryExW.KERNEL32(?,?,?,00007FF689C9DF7A,?,?,?,00007FF689C9DC6C,?,?,?,00007FF689C9D869), ref: 00007FF689C9DD85
                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,?,?,00007FF689C9DF7A,?,?,?,00007FF689C9DC6C,?,?,?,00007FF689C9D869), ref: 00007FF689C9DDF3
                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,?,?,00007FF689C9DF7A,?,?,?,00007FF689C9DC6C,?,?,?,00007FF689C9D869), ref: 00007FF689C9DDFF
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Library$Load$AddressErrorFreeLastProc
                                                                                                                                                                                            • String ID: api-ms-
                                                                                                                                                                                            • API String ID: 2559590344-2084034818
                                                                                                                                                                                            • Opcode ID: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                                                                                                                            • Instruction ID: 212b81c71f88f47ab2ec12c8ee1868d0c1a61dcd2d5d60e7347e7b21aae8619c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 276526191d17588ee9fa22b972cdf0953455baf5c8a53fb276b347519b5968a9
                                                                                                                                                                                            • Instruction Fuzzy Hash: F5319022B1A642D9FE119F06E4006B527B4FF48FAAF994539ED1D96B81DE3EE444C320
                                                                                                                                                                                            Function 00007FF689C92A50 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 64COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(00000000,?,?,?,00000000,00007FF689C9351A,?,00000000,00007FF689C93F1B), ref: 00007FF689C92AA0
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcess
                                                                                                                                                                                            • String ID: 0$WARNING$Warning$Warning [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                            • API String ID: 2050909247-2900015858
                                                                                                                                                                                            • Opcode ID: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                                                                                                                            • Instruction ID: e853fa5981e466109e7cb8d059569d61d88b818a0ea8d53db6ba5983f7e7ae5d
                                                                                                                                                                                            • Opcode Fuzzy Hash: d3ff72078d09a899d0ca032b5bdbc8691629937d026b54217f09319e947088a3
                                                                                                                                                                                            • Instruction Fuzzy Hash: 01217F72A1978182E620DF61F8817E676B4BF88B85F80013AEE8D93659DF3DD645C740
                                                                                                                                                                                            Function 00007FF689C98570 Relevance: 10.6, APIs: 7, Instructions: 63COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Token$InformationProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 995526605-0
                                                                                                                                                                                            • Opcode ID: f75ab0f0843ea553283f31270fa2e47dd05c34398218a1d4d57149fb78d89f01
                                                                                                                                                                                            • Instruction ID: 28701ed9ce54701274d438fcb52a5cfeca26686fb9303efda0fa12fe677725eb
                                                                                                                                                                                            • Opcode Fuzzy Hash: f75ab0f0843ea553283f31270fa2e47dd05c34398218a1d4d57149fb78d89f01
                                                                                                                                                                                            • Instruction Fuzzy Hash: DC215E21A0C646C2EA108F56F54423AA7B4FFC5BA6F90023DEA6D87AE4DE7ED445C700
                                                                                                                                                                                            Function 00007FF689CAB150 Relevance: 10.6, APIs: 7, Instructions: 62COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                                            • Opcode ID: bd40692f84e3da01acd5c9e715af8932c2ff4b5b564443a413d720313231dc09
                                                                                                                                                                                            • Instruction ID: 5fad5086ba7a81b04b71d3ecef572cedef2853b05ed4d9ddcd1ebe4ccc2df1c9
                                                                                                                                                                                            • Opcode Fuzzy Hash: bd40692f84e3da01acd5c9e715af8932c2ff4b5b564443a413d720313231dc09
                                                                                                                                                                                            • Instruction Fuzzy Hash: 96213DA0A08242C2FA695F62E95517D66F27F94FE2F44463CD93EE76C6DE2EA410C301
                                                                                                                                                                                            Function 00007FF689CB7D6C Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
                                                                                                                                                                                            • String ID: CONOUT$
                                                                                                                                                                                            • API String ID: 3230265001-3130406586
                                                                                                                                                                                            • Opcode ID: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                                                                                                                            • Instruction ID: 0996cada4cc6511c7fd8e0a471aa9e6decd30f580e83896089601e49ebb8a0be
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3755c2f75cb97972cd4ab37a7e27d28fd0bf6f95a56d27d10542fc75f089f0eb
                                                                                                                                                                                            • Instruction Fuzzy Hash: 93116A21A18A41CAE7508F12E8543297AB4BF88FE6F000238EA5DC7BA4DF3DD814C740
                                                                                                                                                                                            Function 00007FF689C98ED0 Relevance: 9.1, APIs: 6, Instructions: 121COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetCurrentProcess.KERNEL32(?,FFFFFFFF,00000000,00007FF689C93FA9), ref: 00007FF689C98EFD
                                                                                                                                                                                            • K32EnumProcessModules.KERNEL32(?,FFFFFFFF,00000000,00007FF689C93FA9), ref: 00007FF689C98F5A
                                                                                                                                                                                              • Part of subcall function 00007FF689C99390: MultiByteToWideChar.KERNEL32(?,?,?,00007FF689C945F4,00000000,00007FF689C91985), ref: 00007FF689C993C9
                                                                                                                                                                                            • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF689C93FA9), ref: 00007FF689C98FE5
                                                                                                                                                                                            • K32GetModuleFileNameExW.KERNEL32(?,FFFFFFFF,00000000,00007FF689C93FA9), ref: 00007FF689C99044
                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF689C93FA9), ref: 00007FF689C99055
                                                                                                                                                                                            • FreeLibrary.KERNEL32(?,FFFFFFFF,00000000,00007FF689C93FA9), ref: 00007FF689C9906A
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileFreeLibraryModuleNameProcess$ByteCharCurrentEnumModulesMultiWide
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3462794448-0
                                                                                                                                                                                            • Opcode ID: b9812aa4a412ff6f242132f81c88a7c8c76a4ef9029947ab8fd2a45bc25d6007
                                                                                                                                                                                            • Instruction ID: 348df261ec5a2bf65321f6df53a6d7d285c5fae0f9198d1100e7eab5de79c898
                                                                                                                                                                                            • Opcode Fuzzy Hash: b9812aa4a412ff6f242132f81c88a7c8c76a4ef9029947ab8fd2a45bc25d6007
                                                                                                                                                                                            • Instruction Fuzzy Hash: 08415D62A19682C1EB709F12E5402AA67B4FF89F8AF841139DF5D97789DE3EE500C700
                                                                                                                                                                                            Function 00007FF689C990E0 Relevance: 9.1, APIs: 2, Strings: 4, Instructions: 64COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                              • Part of subcall function 00007FF689C98570: GetCurrentProcess.KERNEL32 ref: 00007FF689C98590
                                                                                                                                                                                              • Part of subcall function 00007FF689C98570: OpenProcessToken.ADVAPI32 ref: 00007FF689C985A3
                                                                                                                                                                                              • Part of subcall function 00007FF689C98570: GetTokenInformation.ADVAPI32 ref: 00007FF689C985C8
                                                                                                                                                                                              • Part of subcall function 00007FF689C98570: GetLastError.KERNEL32 ref: 00007FF689C985D2
                                                                                                                                                                                              • Part of subcall function 00007FF689C98570: GetTokenInformation.ADVAPI32 ref: 00007FF689C98612
                                                                                                                                                                                              • Part of subcall function 00007FF689C98570: ConvertSidToStringSidW.ADVAPI32 ref: 00007FF689C9862E
                                                                                                                                                                                              • Part of subcall function 00007FF689C98570: CloseHandle.KERNEL32 ref: 00007FF689C98646
                                                                                                                                                                                            • LocalFree.KERNEL32(?,00007FF689C93C55), ref: 00007FF689C9916C
                                                                                                                                                                                            • LocalFree.KERNEL32(?,00007FF689C93C55), ref: 00007FF689C99175
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Token$FreeInformationLocalProcess$CloseConvertCurrentErrorHandleLastOpenString
                                                                                                                                                                                            • String ID: D:(A;;FA;;;%s)$D:(A;;FA;;;%s)(A;;FA;;;%s)$S-1-3-4$Security descriptor string length exceeds PYI_PATH_MAX!
                                                                                                                                                                                            • API String ID: 6828938-1529539262
                                                                                                                                                                                            • Opcode ID: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
                                                                                                                                                                                            • Instruction ID: d9644b578c20ba55502e7c72a9cdd345cfede0da68b6ab45ddd09728e217c2d5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 0222097b9c90264a1a2c87a2a2fde68e1a94831f5278aced0db9eca26447961c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 71214F61A08642C2FB509F11E8153EA7274FF88B86F844039EA4DC7B96DF3ED905C740
                                                                                                                                                                                            Function 00007FF689CAB2C8 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,00007FF689CA4F11,?,?,?,?,00007FF689CAA48A,?,?,?,?,00007FF689CA718F), ref: 00007FF689CAB2D7
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF689CA4F11,?,?,?,?,00007FF689CAA48A,?,?,?,?,00007FF689CA718F), ref: 00007FF689CAB30D
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF689CA4F11,?,?,?,?,00007FF689CAA48A,?,?,?,?,00007FF689CA718F), ref: 00007FF689CAB33A
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF689CA4F11,?,?,?,?,00007FF689CAA48A,?,?,?,?,00007FF689CA718F), ref: 00007FF689CAB34B
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF689CA4F11,?,?,?,?,00007FF689CAA48A,?,?,?,?,00007FF689CA718F), ref: 00007FF689CAB35C
                                                                                                                                                                                            • SetLastError.KERNEL32(?,?,?,00007FF689CA4F11,?,?,?,?,00007FF689CAA48A,?,?,?,?,00007FF689CA718F), ref: 00007FF689CAB377
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value$ErrorLast
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2506987500-0
                                                                                                                                                                                            • Opcode ID: 511c86220214880ca4b01c77dd55d0a7de68e458561f726588d357ec3f22002e
                                                                                                                                                                                            • Instruction ID: 3946ca34fe2a5ded4b3e60b016b82ad92d4185b9faef832a636924c12713fa85
                                                                                                                                                                                            • Opcode Fuzzy Hash: 511c86220214880ca4b01c77dd55d0a7de68e458561f726588d357ec3f22002e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 48118EA0A0D642C2FA545F22D54017D29F2BF88FB2F40423DD82EE76D6DE2EA400C300
                                                                                                                                                                                            Function 00007FF689C92910 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 86COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,?,?,?,00000000,00000000,?,00000000,00007FF689C91B6A), ref: 00007FF689C9295E
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcess
                                                                                                                                                                                            • String ID: %s: %s$Error$Error [ANSI Fallback]$[PYI-%d:ERROR]
                                                                                                                                                                                            • API String ID: 2050909247-2962405886
                                                                                                                                                                                            • Opcode ID: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
                                                                                                                                                                                            • Instruction ID: 2dabb43d2834e1c0a84bfcb6621d51080c6e75262cb04c45bf26afc59e6eb8a9
                                                                                                                                                                                            • Opcode Fuzzy Hash: b3354eec44a94607d33eb4f3788ab89374ba031f66333e1b118589dca889f3f3
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5F31E422B1868192E7109F65E8412E676B5BF88BD9F40013AEE8DC3749EF3DD546C300
                                                                                                                                                                                            Function 00007FF689C92B50 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 65windowCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,00000000,00000000,FFFFFFFF,00000000,00007FF689C9918F,?,00007FF689C93C55), ref: 00007FF689C92BA0
                                                                                                                                                                                            • MessageBoxW.USER32 ref: 00007FF689C92C2A
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentMessageProcess
                                                                                                                                                                                            • String ID: WARNING$Warning$[PYI-%d:%ls]
                                                                                                                                                                                            • API String ID: 1672936522-3797743490
                                                                                                                                                                                            • Opcode ID: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                                                                                                                            • Instruction ID: 7b4577fb8bdcf92e3c4a6821e855e5e54b68b0ff11b99ab6e31e9bc86b57d577
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4a0b6e8ebe13cae449087f655af1d2523953ec7fd560ce9a50e7097f48d063a1
                                                                                                                                                                                            • Instruction Fuzzy Hash: BC219C62708B8182E7109F65F8447AA77B4FF88B85F80413AEA8D97659DF3DD605C740
                                                                                                                                                                                            Function 00007FF689C92710 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetCurrentProcessId.KERNEL32(?,00000000,00000000,?,00000000,00007FF689C91B99), ref: 00007FF689C92760
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentProcess
                                                                                                                                                                                            • String ID: ERROR$Error$Error [ANSI Fallback]$[PYI-%d:%s]
                                                                                                                                                                                            • API String ID: 2050909247-1591803126
                                                                                                                                                                                            • Opcode ID: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                                                                                                                            • Instruction ID: f67e2f05ae515c8438f0ac42c2293eccfec0a43bf7bcb0c9fa8043ea13799f7e
                                                                                                                                                                                            • Opcode Fuzzy Hash: a4fe537d534c2fb53088f6f6b76b448a80ccad2508d4dc842b27f1a8247accfc
                                                                                                                                                                                            • Instruction Fuzzy Hash: 45219C72B18B8182E6209F61F8817EAB6B4BF88B85F800139EA8C93659DF3DD145C740
                                                                                                                                                                                            Function 00007FF689CA9A88 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                            • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                            • API String ID: 4061214504-1276376045
                                                                                                                                                                                            • Opcode ID: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                                                                                                                            • Instruction ID: bc4e4a107969185cf3af623bdad7de7f44e4e90463eb08635ad948fdfdfef9c3
                                                                                                                                                                                            • Opcode Fuzzy Hash: b239dd027a539e56a716c05e535b4da9cb8e2339e08a4dc57142401ef2416000
                                                                                                                                                                                            • Instruction Fuzzy Hash: 21F06265B09B06C1EA108F24E48537A7770BF89F66F54023ED66E862E4DF2ED545C710
                                                                                                                                                                                            Function 00007FF689CB9368 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _set_statfp
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 1156100317-0
                                                                                                                                                                                            • Opcode ID: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                            • Instruction ID: 1dfdfaaf0db255807a2604a110c0712f25348a96a67939c6aba423ba212f51df
                                                                                                                                                                                            • Opcode Fuzzy Hash: bce21d2362216a5e504affcf34f2858e363de54600403cac3d1eeb36cb2ab404
                                                                                                                                                                                            • Instruction Fuzzy Hash: BC118226E5CA0381FEE41965E4913793070BF5DB6EF04463CEB6FD62D6CE6E6941C110
                                                                                                                                                                                            Function 00007FF689CAB390 Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • FlsGetValue.KERNEL32(?,?,?,00007FF689CAA5A3,?,?,00000000,00007FF689CAA83E,?,?,?,?,?,00007FF689CAA7CA), ref: 00007FF689CAB3AF
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF689CAA5A3,?,?,00000000,00007FF689CAA83E,?,?,?,?,?,00007FF689CAA7CA), ref: 00007FF689CAB3CE
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF689CAA5A3,?,?,00000000,00007FF689CAA83E,?,?,?,?,?,00007FF689CAA7CA), ref: 00007FF689CAB3F6
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF689CAA5A3,?,?,00000000,00007FF689CAA83E,?,?,?,?,?,00007FF689CAA7CA), ref: 00007FF689CAB407
                                                                                                                                                                                            • FlsSetValue.KERNEL32(?,?,?,00007FF689CAA5A3,?,?,00000000,00007FF689CAA83E,?,?,?,?,?,00007FF689CAA7CA), ref: 00007FF689CAB418
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                                            • Opcode ID: 6f944022d23edc1c4acf36ee41aa723466f994e0e1af3fb98e05b0010e79b0d5
                                                                                                                                                                                            • Instruction ID: aec0aa0949576c00ae80a9f1bf33cbf7da048857d83c65b4e4432bd65083e7d8
                                                                                                                                                                                            • Opcode Fuzzy Hash: 6f944022d23edc1c4acf36ee41aa723466f994e0e1af3fb98e05b0010e79b0d5
                                                                                                                                                                                            • Instruction Fuzzy Hash: A21160A0E09642C2FA549F26D54117925F27F85FB2F88473CD83DE66D6DE2EA401C201
                                                                                                                                                                                            Function 00007FF689CAB224 Relevance: 7.6, APIs: 5, Instructions: 50COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Value
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 3702945584-0
                                                                                                                                                                                            • Opcode ID: cf61fb6c00b1796c5bed08ecf7b6551a73a14dc995a044f45feadad5ae41d3ad
                                                                                                                                                                                            • Instruction ID: e922bf0ddb21e888da95c13f5eefbf3568373130bb9223864acb70521a5e1b74
                                                                                                                                                                                            • Opcode Fuzzy Hash: cf61fb6c00b1796c5bed08ecf7b6551a73a14dc995a044f45feadad5ae41d3ad
                                                                                                                                                                                            • Instruction Fuzzy Hash: 17110DA0A08207C2F9996E62D4111BD15F26F86F76F44473DD93DE66C3DD2EB840C201
                                                                                                                                                                                            Function 00007FF689CA5FA0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 242COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: verbose
                                                                                                                                                                                            • API String ID: 3215553584-579935070
                                                                                                                                                                                            • Opcode ID: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                            • Instruction ID: 9c8be235fc108d5f61e7948bb0a099af4a5bdb571babd48b324af04b4c09f0d5
                                                                                                                                                                                            • Opcode Fuzzy Hash: 8c3a45f75ca5c0a3459ca2e96ae2fbbf181a3d63a640e770f0a7cf37c7606cec
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2B91B1A2A08646C1FB618E24D65077D36F1BF50F96F84423AEA5DA73D6DE3EE845C300
                                                                                                                                                                                            Function 00007FF689CAFBC8 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: UTF-16LEUNICODE$UTF-8$ccs
                                                                                                                                                                                            • API String ID: 3215553584-1196891531
                                                                                                                                                                                            • Opcode ID: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
                                                                                                                                                                                            • Instruction ID: 36a27278de520204efd613bb82d90cce056c3672e68b8a9145ea5ec585aacda0
                                                                                                                                                                                            • Opcode Fuzzy Hash: 7089664b0a027e884898b454f5d4d61e653d4f3baae8c024cbe23c99275e4c13
                                                                                                                                                                                            • Instruction Fuzzy Hash: FB819BB2E08242C6F7669E69C1542782AF0BF15F8AF55803DCA49E7689CF3EE901D341
                                                                                                                                                                                            Function 00007FF8A7601FD0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 173COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927195083.00007FF8A7601000.00000040.00000001.01000000.0000002A.sdmp, Offset: 00007FF8A7600000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927176505.00007FF8A7600000.00000002.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A7662000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A76AE000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A76B2000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A76B7000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A770F000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A7714000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927195083.00007FF8A7717000.00000040.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927398298.00007FF8A7718000.00000080.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927416180.00007FF8A771A000.00000004.00000001.01000000.0000002A.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7600000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007C6126570
                                                                                                                                                                                            • String ID: CJK UNIFIED IDEOGRAPH-$HANGUL SYLLABLE
                                                                                                                                                                                            • API String ID: 800424832-87138338
                                                                                                                                                                                            • Opcode ID: d800521c55394c3ad25b6a38125f6762d0e11982fd6218b3e6ef33505340922b
                                                                                                                                                                                            • Instruction ID: cff7b44dffab196ad37eae90477a2bb01d55823fbf9d8c0a230dd764c58ac5f4
                                                                                                                                                                                            • Opcode Fuzzy Hash: d800521c55394c3ad25b6a38125f6762d0e11982fd6218b3e6ef33505340922b
                                                                                                                                                                                            • Instruction Fuzzy Hash: 25610772B196425AEA648E19A80077E7262FF80BD0F44E235EB5A476C5DF7CE503A704
                                                                                                                                                                                            Function 00007FF689C9D648 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 154COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentImageNonwritableUnwind__except_validate_context_record
                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                            • API String ID: 2395640692-1018135373
                                                                                                                                                                                            • Opcode ID: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
                                                                                                                                                                                            • Instruction ID: ecd6da6eb4a17c2c407d10770a0568a8e46f7f347ab445da74f2da0cb68c279c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4bd751ab4a757734da5bac4c310991cbc8ef63d187f18c7a3c34a87046479a0f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 38519D22A19642CADB148F15E054A7877B1FF44F9DF108138EA4E97B8ADF7EE841C740
                                                                                                                                                                                            Function 00007FF8A7A01CA0 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 149COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927451345.00007FF8A7A01000.00000040.00000001.01000000.00000027.sdmp, Offset: 00007FF8A7A00000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927433893.00007FF8A7A00000.00000002.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7ACD000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927551241.00007FF8A7ACE000.00000080.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927569316.00007FF8A7AD0000.00000004.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7a00000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007$C610F020
                                                                                                                                                                                            • String ID: BrotliDecompress failed$y*|:decompress
                                                                                                                                                                                            • API String ID: 1199462638-3609120798
                                                                                                                                                                                            • Opcode ID: 1dfeb41befc088f359630a9009b93ccc2498eed697200d288a3dde7c9a2760e2
                                                                                                                                                                                            • Instruction ID: f91e3319a7286aa69a9da0e231945a4407a5d6b4aa3da00348aafc2a43a9190c
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1dfeb41befc088f359630a9009b93ccc2498eed697200d288a3dde7c9a2760e2
                                                                                                                                                                                            • Instruction Fuzzy Hash: 3D610936B0AA82A6EB608F61E4513FD63A5FB48BC8F444831DE4E53B58EE3CE555D340
                                                                                                                                                                                            Function 00007FF689C9F288 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Frame$EmptyHandler3::StateUnwind__except_validate_context_record
                                                                                                                                                                                            • String ID: csm$csm
                                                                                                                                                                                            • API String ID: 3896166516-3733052814
                                                                                                                                                                                            • Opcode ID: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
                                                                                                                                                                                            • Instruction ID: 25666a8bee1b2446781d13433b93a13380fff7fae1673c5995da3d5acfa8a17d
                                                                                                                                                                                            • Opcode Fuzzy Hash: b828653c103bc27f8420a51a056d9897bfd6e6497fd7c081c32eb92dd3ed2bbb
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2E515C72A18642CAEB648F22D04436C76B0FF55F9AF18413ADA4D87B95CF3EE890C705
                                                                                                                                                                                            Function 00007FF689C9EED8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 146COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CallEncodePointerTranslator
                                                                                                                                                                                            • String ID: MOC$RCC
                                                                                                                                                                                            • API String ID: 3544855599-2084237596
                                                                                                                                                                                            • Opcode ID: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
                                                                                                                                                                                            • Instruction ID: fa6b97dcfe03e442b2dc75005e83cd1ed24b0e916d0cc45693edf7b62113bcce
                                                                                                                                                                                            • Opcode Fuzzy Hash: 1c81a5d02d7979dd4dad50f55436adaf5051385037e661534b2c2f58034018d3
                                                                                                                                                                                            • Instruction Fuzzy Hash: 45619F32908BC5C5EB208F15E4403AAB7B0FB95B89F044229EB9C97B99DF7DD590CB00
                                                                                                                                                                                            Function 00007FF8A82719DD Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 110COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3928281921.00007FF8A8271000.00000040.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8270000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3928251133.00007FF8A8270000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F3000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A831D000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8328000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8333000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928541684.00007FF8A8337000.00000080.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928565552.00007FF8A8338000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8270000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007A8344
                                                                                                                                                                                            • String ID: ..\s\ssl\tls_srp.c
                                                                                                                                                                                            • API String ID: 2099648154-1778748169
                                                                                                                                                                                            • Opcode ID: 10ce8fe54628ff813415ccb6b761ad5681ec6e9ea4152f83edd5d38152cc8e62
                                                                                                                                                                                            • Instruction ID: 0af1740593179f78616a52c7a786d1ba89cdc37a3f5c40a5a6d01a85009affb3
                                                                                                                                                                                            • Opcode Fuzzy Hash: 10ce8fe54628ff813415ccb6b761ad5681ec6e9ea4152f83edd5d38152cc8e62
                                                                                                                                                                                            • Instruction Fuzzy Hash: EA416021A1BB43A9FA54AF2594547B866A0EF40FD4F184634DD5D0BB8DEF3CE4418338
                                                                                                                                                                                            Function 00007FF689C97E20 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 81COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • CreateDirectoryW.KERNEL32(00000000,?,00007FF689C9352C,?,00000000,00007FF689C93F1B), ref: 00007FF689C97F32
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CreateDirectory
                                                                                                                                                                                            • String ID: %.*s$%s%c$\
                                                                                                                                                                                            • API String ID: 4241100979-1685191245
                                                                                                                                                                                            • Opcode ID: a1c59376f93c8b4c6db0aee125681cb96c2ab9e1787ffa8cf6eb7b68f1c1c36c
                                                                                                                                                                                            • Instruction ID: addbbed209b1e3d27abbdaf5f6f186f61d7c134dc2298facc37721cb1f0759af
                                                                                                                                                                                            • Opcode Fuzzy Hash: a1c59376f93c8b4c6db0aee125681cb96c2ab9e1787ffa8cf6eb7b68f1c1c36c
                                                                                                                                                                                            • Instruction Fuzzy Hash: 2431A561719AC1C9EA219F21E8507AA6274FF84FE9F440239EA6D87BC9DE2DD605C700
                                                                                                                                                                                            Function 00007FF689C92810 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 65windowCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Message
                                                                                                                                                                                            • String ID: ERROR$Error$[PYI-%d:%ls]
                                                                                                                                                                                            • API String ID: 2030045667-255084403
                                                                                                                                                                                            • Opcode ID: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
                                                                                                                                                                                            • Instruction ID: 3daf5865d83e96d2dedb37dc0c95b8eefb56c13b2077ccd7497c5ab2d720bf79
                                                                                                                                                                                            • Opcode Fuzzy Hash: 035b7a672ed8def45fe49a9c290554376ffedfd07499b26c39d849b73b89d90e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0A21BC62B08B8182E7109F24F8407EA77B0FF88B85F80013AEA8D9365ADF3DD645C740
                                                                                                                                                                                            Function 00007FF689CAC5A0 Relevance: 6.3, APIs: 4, Instructions: 299fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: FileWrite$ConsoleErrorLastOutput
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2718003287-0
                                                                                                                                                                                            • Opcode ID: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                                                                                                                            • Instruction ID: 291787d1520845a1516f6581200d9f5664ff242385463ec12ad25e87be09dfdd
                                                                                                                                                                                            • Opcode Fuzzy Hash: 04e310725d937c0b27e7ac1e6c46040fced781be2c4963351fe3137ba04acc33
                                                                                                                                                                                            • Instruction Fuzzy Hash: 46D1E2B2B18A41CEE710CF76D8402AC37B1FF55B99B44422ADE5EA7B89DE39D416C300
                                                                                                                                                                                            Function 00007FF689CACF60 Relevance: 6.2, APIs: 4, Instructions: 218COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • GetConsoleMode.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF689CACF4B), ref: 00007FF689CAD07C
                                                                                                                                                                                            • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00007FF689CACF4B), ref: 00007FF689CAD107
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ConsoleErrorLastMode
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 953036326-0
                                                                                                                                                                                            • Opcode ID: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                                                                                                                            • Instruction ID: 34a27dab844d8d8a6e95b65a5ca84b138cdfe6c711d0bfcd8a7882a3df8e36e7
                                                                                                                                                                                            • Opcode Fuzzy Hash: a47a8d54e36ced6583969bea4ac316e5fdc1f02f5f342ddc714eca2f45cad1a1
                                                                                                                                                                                            • Instruction Fuzzy Hash: D0919CB2E18652C9F7609F65D8402BD2AF0BF54F9AF54413DDE0EA6A85DF3AD442C700
                                                                                                                                                                                            Function 00007FF689CAF98C Relevance: 6.2, APIs: 4, Instructions: 162COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _get_daylight$_isindst
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 4170891091-0
                                                                                                                                                                                            • Opcode ID: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                                                                                                                            • Instruction ID: 35073814e636c90d2404c38ba27cced4a17dfb1c91526e3b702e0f08fbe776e4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 873197461a12b50781dd6dd2a54ab0b7f590f407db75148e336b6c99fa373a01
                                                                                                                                                                                            • Instruction Fuzzy Hash: B751F4B2F05211CBEB14CF64E9556BC6BB1BF44B6AF50123DDD1EA2AE5DF39A402C600
                                                                                                                                                                                            Function 00007FF8A7A36C80 Relevance: 6.2, APIs: 4, Instructions: 154COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927451345.00007FF8A7A01000.00000040.00000001.01000000.00000027.sdmp, Offset: 00007FF8A7A00000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927433893.00007FF8A7A00000.00000002.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7ACD000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927551241.00007FF8A7ACE000.00000080.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927569316.00007FF8A7AD0000.00000004.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7a00000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007$A2419$C61203
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 667864500-0
                                                                                                                                                                                            • Opcode ID: e52e19dddba48d9fc27f932283582fe1209b610db4686e9e18e3710054b30bbc
                                                                                                                                                                                            • Instruction ID: 71831f808e69ea9a419fd59b925b6a969d5f2ef90d3919b313fd874e2adeea5d
                                                                                                                                                                                            • Opcode Fuzzy Hash: e52e19dddba48d9fc27f932283582fe1209b610db4686e9e18e3710054b30bbc
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6871F136608BC492D660CF16F8807AEB7A8F788B84F548126EEDD43B58DF38D155DB40
                                                                                                                                                                                            Function 00007FF689CA577C Relevance: 6.1, APIs: 4, Instructions: 119pipeCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: File$ErrorHandleInformationLastNamedPeekPipeType
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2780335769-0
                                                                                                                                                                                            • Opcode ID: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
                                                                                                                                                                                            • Instruction ID: a5b248dea682ab9951b47ac04231ecd2c3741e0809624ea1e11c9150a59c2e57
                                                                                                                                                                                            • Opcode Fuzzy Hash: 601044899bb77d1db34704472f686b9691880a3163deed0eb7e9945e8072c835
                                                                                                                                                                                            • Instruction Fuzzy Hash: E95149A2E08681CAEB10CFB1D4503BD27F2BF48BA9F158539DA0DAB689DF39D441C740
                                                                                                                                                                                            Function 00007FF689C9D010 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
                                                                                                                                                                                            • String ID:
                                                                                                                                                                                            • API String ID: 2933794660-0
                                                                                                                                                                                            • Opcode ID: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                                                                                                                            • Instruction ID: b5ec8bfb1db239f28345b9084d8721dd59bc85279a9382ddf70c4b43cd8c4bf2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 884c9866f0db1ea4ea3e8c559fd458021c8c8106c035f87ab540984eb8a2d97e
                                                                                                                                                                                            • Instruction Fuzzy Hash: BB114822B14B06CAEB008F60E8442A933B4FB59B59F440E39EA2D86BA4DF38D554C380
                                                                                                                                                                                            Function 00007FF8A8271A05 Relevance: 5.5, APIs: 1, Strings: 2, Instructions: 283COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3928281921.00007FF8A8271000.00000040.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8270000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3928251133.00007FF8A8270000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F3000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A831D000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8328000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8333000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928541684.00007FF8A8337000.00000080.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928565552.00007FF8A8338000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8270000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007C61208
                                                                                                                                                                                            • String ID: ..\s\ssl\ssl_asn1.c$d2i_SSL_SESSION
                                                                                                                                                                                            • API String ID: 3535234312-384499812
                                                                                                                                                                                            • Opcode ID: 068ff74c5e04d3b22dd643f34b65afc901536cdc3614985e071ae3aafa1cdff7
                                                                                                                                                                                            • Instruction ID: 442cbb373c4afa27d1374d00405ab2790a41c95d45d44e9d92f4415c12190ac6
                                                                                                                                                                                            • Opcode Fuzzy Hash: 068ff74c5e04d3b22dd643f34b65afc901536cdc3614985e071ae3aafa1cdff7
                                                                                                                                                                                            • Instruction Fuzzy Hash: 5FD12E32A0AB46A2EF559F65D4806B837A4FB44BC0F448036DE9D4779DEF38E450C328
                                                                                                                                                                                            Function 00007FF8A7A019F0 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 130COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927451345.00007FF8A7A01000.00000040.00000001.01000000.00000027.sdmp, Offset: 00007FF8A7A00000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927433893.00007FF8A7A00000.00000002.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7ACD000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927551241.00007FF8A7ACE000.00000080.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927569316.00007FF8A7AD0000.00000004.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7a00000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007
                                                                                                                                                                                            • String ID: BrotliDecoderDecompressStream failed while processing the stream$y*:process
                                                                                                                                                                                            • API String ID: 3568877910-3378180327
                                                                                                                                                                                            • Opcode ID: ebe849aa38d28a6f9b76366784e34f312a3ee510abe0b2ee51e6d9ec1560f0ea
                                                                                                                                                                                            • Instruction ID: e9087877773535fd77f076867b68c5237b08f9c43887f0b0dac7774bbc6b3a5e
                                                                                                                                                                                            • Opcode Fuzzy Hash: ebe849aa38d28a6f9b76366784e34f312a3ee510abe0b2ee51e6d9ec1560f0ea
                                                                                                                                                                                            • Instruction Fuzzy Hash: FB513632A0AB86A9EB608F65E4513ED33A5FB49B88F441835DA4D13B58FF3CE456D340
                                                                                                                                                                                            Function 00007FF689CB5B1C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 121COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: _get_daylight$_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: ?
                                                                                                                                                                                            • API String ID: 1286766494-1684325040
                                                                                                                                                                                            • Opcode ID: 34aa9ba053483d92f686c00bb3d23c2ed0895a5cb55bf09a4ef316522e0c30cf
                                                                                                                                                                                            • Instruction ID: 2f13d7def42f2a25c03f8cce69913f7c881d3d375653bc48bfb3c1ad81a151c4
                                                                                                                                                                                            • Opcode Fuzzy Hash: 34aa9ba053483d92f686c00bb3d23c2ed0895a5cb55bf09a4ef316522e0c30cf
                                                                                                                                                                                            • Instruction Fuzzy Hash: 6B41D022A082C286FB649F26D45137A76B1FF84FA6F144239EE5C86AD9DF3ED441C700
                                                                                                                                                                                            Function 00007FF689CA9014 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            • _invalid_parameter_noinfo.LIBCMT ref: 00007FF689CA9046
                                                                                                                                                                                              • Part of subcall function 00007FF689CAA948: RtlFreeHeap.NTDLL(?,?,?,00007FF689CB2D22,?,?,?,00007FF689CB2D5F,?,?,00000000,00007FF689CB3225,?,?,?,00007FF689CB3157), ref: 00007FF689CAA95E
                                                                                                                                                                                              • Part of subcall function 00007FF689CAA948: GetLastError.KERNEL32(?,?,?,00007FF689CB2D22,?,?,?,00007FF689CB2D5F,?,?,00000000,00007FF689CB3225,?,?,?,00007FF689CB3157), ref: 00007FF689CAA968
                                                                                                                                                                                            • GetModuleFileNameW.KERNEL32(?,?,?,?,?,00007FF689C9CBA5), ref: 00007FF689CA9064
                                                                                                                                                                                            Strings
                                                                                                                                                                                            • C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe, xrefs: 00007FF689CA9052
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFileFreeHeapLastModuleName_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: C:\Users\user\Desktop\OBS-Studio-30.2.3-Windows-Installer.exe
                                                                                                                                                                                            • API String ID: 3580290477-2313934977
                                                                                                                                                                                            • Opcode ID: 652ac8178d02f9bf502bb0dac840cc2c27021cfa98e1c84195502d2d1921a3a9
                                                                                                                                                                                            • Instruction ID: 71fc21b04aad2d8ef2ea33eb382f1f720bfa7d7531ba9e90abb7bd0d63cbfb1f
                                                                                                                                                                                            • Opcode Fuzzy Hash: 652ac8178d02f9bf502bb0dac840cc2c27021cfa98e1c84195502d2d1921a3a9
                                                                                                                                                                                            • Instruction Fuzzy Hash: 21417CB6A08A12C6EB549F26E8510B867F5FF44FD2B554039EA4E93B85DF3EE481C300
                                                                                                                                                                                            Function 00007FF8A7A2A350 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 101COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927451345.00007FF8A7A01000.00000040.00000001.01000000.00000027.sdmp, Offset: 00007FF8A7A00000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927433893.00007FF8A7A00000.00000002.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7A56000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927451345.00007FF8A7ACD000.00000040.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927551241.00007FF8A7ACE000.00000080.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927569316.00007FF8A7AD0000.00000004.00000001.01000000.00000027.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a7a00000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: 00007C6138
                                                                                                                                                                                            • String ID: Tg]@
                                                                                                                                                                                            • API String ID: 2722774091-1367013573
                                                                                                                                                                                            • Opcode ID: 3719e9e772ddd07db95e1395b94176eaae3edf7eef6ff48e371fe99230a2501a
                                                                                                                                                                                            • Instruction ID: 85c3193a66a2e36bafda2aa4b972aea727f0c2325bd2576d3b8fe40dfc46c801
                                                                                                                                                                                            • Opcode Fuzzy Hash: 3719e9e772ddd07db95e1395b94176eaae3edf7eef6ff48e371fe99230a2501a
                                                                                                                                                                                            • Instruction Fuzzy Hash: 31412732A16B89AAD7118F3690016AEB651FF45BC4F148331EE0B27760EF38F192D640
                                                                                                                                                                                            Function 00007FF689CACC38 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ErrorFileLastWrite
                                                                                                                                                                                            • String ID: U
                                                                                                                                                                                            • API String ID: 442123175-4171548499
                                                                                                                                                                                            • Opcode ID: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
                                                                                                                                                                                            • Instruction ID: 747fdbfd7d5f6c54e3fac3408fe8858417eae2e5584fdfe73ecae2f2fc66d856
                                                                                                                                                                                            • Opcode Fuzzy Hash: 4f5d94246872f2193e537bc66f33c90add5f7e97f4787e66017fcfb3b1ebd6d4
                                                                                                                                                                                            • Instruction Fuzzy Hash: D641A072A18A85C6EB208F25E8443AA67B0FB88B85F804139EE4DD7798EF3DD401C740
                                                                                                                                                                                            Function 00007FF8A82785B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 68timeCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3928281921.00007FF8A8271000.00000040.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8270000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3928251133.00007FF8A8270000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F3000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A831D000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8328000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8333000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928541684.00007FF8A8337000.00000080.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928565552.00007FF8A8338000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8270000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Time$System$File
                                                                                                                                                                                            • String ID: gfff
                                                                                                                                                                                            • API String ID: 2838179519-1553575800
                                                                                                                                                                                            • Opcode ID: 5530e0db4563f3136961ddcacea572fb8f4abfde4476f4fcd83b7edc0dcc1c0e
                                                                                                                                                                                            • Instruction ID: a7bae51b293d3e08c070727bd671f908be348a721201d391b97bf756e126ad6f
                                                                                                                                                                                            • Opcode Fuzzy Hash: 5530e0db4563f3136961ddcacea572fb8f4abfde4476f4fcd83b7edc0dcc1c0e
                                                                                                                                                                                            • Instruction Fuzzy Hash: CE210672A05686A6DB94CF2AD80037C77E1EB88BD4F448035DA5D87758EF3CD1508B18
                                                                                                                                                                                            Function 00007FF689CAF5B8 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: CurrentDirectory
                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                            • API String ID: 1611563598-336475711
                                                                                                                                                                                            • Opcode ID: e8d367c4ea258391d160676196091cc4497c978f166048fd005a5cb1bdaac227
                                                                                                                                                                                            • Instruction ID: 53205894c7e312cd8fa06d2ba5bc1135fdee17484aa6266a0aac2ea6a0720270
                                                                                                                                                                                            • Opcode Fuzzy Hash: e8d367c4ea258391d160676196091cc4497c978f166048fd005a5cb1bdaac227
                                                                                                                                                                                            • Instruction Fuzzy Hash: 0021BDA2A18281C6EB209F11D44826D73F1FF88F85F864039DA8D93694DF7EE944CA81
                                                                                                                                                                                            Function 00007FF689C9FD48 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: ExceptionFileHeaderRaise
                                                                                                                                                                                            • String ID: csm
                                                                                                                                                                                            • API String ID: 2573137834-1018135373
                                                                                                                                                                                            • Opcode ID: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                                                                                                                            • Instruction ID: ad2138ca45e2eba8c05ee95b82af40a8bb0573d12fba447b6a0b2c2385f5a5ed
                                                                                                                                                                                            • Opcode Fuzzy Hash: b596af9f6a60738c50b353da5cbad86497326ffe12a5eabfdc94c01c9dae4a3e
                                                                                                                                                                                            • Instruction Fuzzy Hash: 63110732618B8582EB618F15F440269B7B4FB88B89F584234EA8D47769DF3DD951CB00
                                                                                                                                                                                            Function 00007FF689CB073C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 36COMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3927065508.00007FF689C91000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF689C90000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3927047021.00007FF689C90000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927091384.00007FF689CBB000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CCE000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927115081.00007FF689CD1000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3927153519.00007FF689CD4000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff689c90000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: DriveType_invalid_parameter_noinfo
                                                                                                                                                                                            • String ID: :
                                                                                                                                                                                            • API String ID: 2595371189-336475711
                                                                                                                                                                                            • Opcode ID: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                                                                                                                            • Instruction ID: 3de622be83e406428e351efce58c81b6cb4b450854c235a0cf0ddba3ce706ac2
                                                                                                                                                                                            • Opcode Fuzzy Hash: 68237dfdc7112287ec82a3b365f776b5c9f6f856de5878160eaa1a8f91e0357f
                                                                                                                                                                                            • Instruction Fuzzy Hash: 83018F62A18602C6F720EF60D47127EB7B0FF89B4AF80003DD54EE6695EE2EE504CB14
                                                                                                                                                                                            Function 00007FF8A8278FD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 35timeCOMMON
                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                            APIs
                                                                                                                                                                                            Strings
                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                            • Source File: 00000002.00000002.3928281921.00007FF8A8271000.00000040.00000001.01000000.00000013.sdmp, Offset: 00007FF8A8270000, based on PE: true
                                                                                                                                                                                            • Associated: 00000002.00000002.3928251133.00007FF8A8270000.00000002.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F3000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A82F5000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A831D000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8328000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928281921.00007FF8A8333000.00000040.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928541684.00007FF8A8337000.00000080.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            • Associated: 00000002.00000002.3928565552.00007FF8A8338000.00000004.00000001.01000000.00000013.sdmpDownload File
                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                            • Snapshot File: hcaresult_2_2_7ff8a8270000_OBS-Studio-30.jbxd
                                                                                                                                                                                            Similarity
                                                                                                                                                                                            • API ID: Time$System$File
                                                                                                                                                                                            • String ID: gfff
                                                                                                                                                                                            • API String ID: 2838179519-1553575800
                                                                                                                                                                                            • Opcode ID: 67d5b2b245d6d65e2ef5cc5c305487d292cfc8c0b311219f02d73a446867e23b
                                                                                                                                                                                            • Instruction ID: 8432b9a13c7a2e84028e299d33c792f38829a618f62ccfe0c9fd6f29eb869667
                                                                                                                                                                                            • Opcode Fuzzy Hash: 67d5b2b245d6d65e2ef5cc5c305487d292cfc8c0b311219f02d73a446867e23b
                                                                                                                                                                                            • Instruction Fuzzy Hash: C401DBE2B1594592DB50DB2AF8012596791EBDC7D4F449032E68DC7B59FF2CD1418710